Judgment Method For Edge Node Computing Result Trustworthiness Based On Trust Evaluation

ABSTRACT

The present invention relates to a judgment method for edge node computing result trustworthiness based on trust evaluation, and belongs to the technical field of data processing. By means of the present invention, a security mechanism for trustworthiness of a computing result output by an industrial edge node is guaranteed, the industrial edge node is prevented from outputting error data, and attacks of false data of malicious edge nodes are resisted, it is guaranteed that trustworthy computing results not be tampered are input in the industrial cloud, and a site device is made to receive correct computing results rather than malicious or meaningless messages, thereby improving efficiency and security of industrial production.

FIELD OF INVENTION

The present invention belongs to the technical field of data processing,and relate to a judgment method for edge node computing resulttrustworthiness based on trust evaluation.

BACKGROUND ART OF THE INVENTION

Edge computing is introduced into industrial networks, and dataprocessing and storage are executed in network edges, so as to solve theproblems of node request delay, overburden of cloud server storage andcomputing, and excessive pressure of network transmission bandwidth.Edge computing extends service resources of cloud computing to networkedges, solving the problems of poor mobility of cloud computing, weakperception of geographic information and high delay. However, edgecomputing brings new challenges of security and privacy to edge nodes inindustrial edge computing networks when applied to data analysis. It isa challenge to ensure integrity of data between an industrial cloud andedge nodes and correct computing results received by a site device whilemeeting a requirement of high timeliness in the industrial networks.Because the edge nodes directly access the Internet outward and then anindustrial site device is directly exposed to the Internet, there is abig security risk, especially a data security problem.

At present, there are few studies on ensuring informationtrustworthiness of communication between industrial edge nodes and theindustrial cloud at home and abroad, most studies pay attention to thefact that information is not tampered during transmission, but cannotensure that computing results of the edge nodes are trustworthy, thatis, computing results output by the edge nodes are correct. To solve thetechnical problem, the present invention designs a solution for ensuringthat edge nodes output trustworthy computing results based on trustevaluation.

DISCLOSURE OF THE INVENTION

In view of this, the purpose of the present invention is to provide ajudgment method for edge node computing result trustworthiness based ontrust evaluation.

To achieve the above purpose, the present invention provides thefollowing technical solution:

A judgment method for edge node computing result trustworthiness basedon trust evaluation, the method comprising following steps:

S1 Before Network Operation

Each edge node to be added transmits identity information ID_(Ai), to anedge proxy for registration, a security administrator sets an error rateER_(Ai) of computing errors allowed to be caused by each edge node in anindustrial production environment; the edge proxy marks evidencecollected for which number of times with ε(ε=1, 2, . . . , CN_(τ)), andmarks trust associated information as a trust value computed in whichround with τ(τ∈N), where τ=0 when an initial trust value is evaluated,τ≥1 when the trust value is updated; CNτ represents a total number oftimes of evidence collection required when the edge proxy computes atrust value in a τ^(th) round, and t_(τ) represents time when the edgeproxy starts computing the trust value in the τ^(th) round. Afterverifying an identity of the edge node, the edge proxy starts evaluatingan initial trust value of the edge node.

S11 Evidence Collection

The edge proxy starts evaluating the initial trust value of the edgenode at τ₀, the edge proxy randomly generates a to-be-computed data setData_(B−0) ^(c e)={a⁰⁻⁰ ^(e), a¹⁻⁰ ^(e), a²⁻⁰ ^(e), . . . , a_(l−0)^(e)}, and generates a result set Data_(B−0) ^(r-ε)={b¹⁻⁰ ^(ε), b²⁻⁰^(ε), b₃₋₀ ^(ε), . . . , b_(l−0) ^(ε)} after adjacent data are pairwisecomputed as a reference set, wherein this solution specifies that thenumber of times of evidence collection CN₀ required for initial trustvalue evaluation is 3.

The edge proxy transmits a to-be-computed set to the edge node, the edgenode computes and then transmits a computing result set Data_(Ai-0)^(r-ε)={c¹⁻⁰ ^(ε), c²⁻⁰ ^(ε), c₃₋₀ ^(ε), . . . , c_(l−0) ^(ε)} and acomputing result Hash value set Data_(Ai-0) ^(h-ε)={h¹⁻⁰ ^(ε), h²⁻⁰^(ε), h₃₋₀ ^(ε), . . . , h_(l−0) ^(ε)} to the edge proxy.

According to the computing result set Data_(Ai-0) ^(r-ε) from the edgenode, the edge proxy computes a Hash value Data_(Ai-0) ^(h′-ε)−{h¹⁻⁰^(ε′), h²⁻⁰ ^(ε′), h₃₋₀ ^(ε′), . . . , h_(l−0) ^(ε′)} correspondingthereto.

The edge proxy records time t_(B−0) ^(s-ε) when the to-be-collected setis transmitted for the ε^(th) time, time t_(B−0) ^(r-ε) when computingis completed, and time t_(Ai-0) ^(r-ε) when a computing result of anedge node Ai is received, where i represents a number of nodes, i=1,2,K,n.

S12 Evidence Processing

The edge proxy processes the collected data as follows:

(1) accuracy represents a proportion of the number of correct computingresults to the number of total data; an accuracy computing formula ofevidence collection for the ε^(th) time is as follows:

$\begin{matrix}{E_{{Ai} - \tau}^{{ac} - \varepsilon} = \frac{N_{{Ai} - \tau}^{{ac} - \varepsilon}}{l}} & (1)\end{matrix}$

where N_(Ai−τ) ^(ac−ε) represents identical number in a result setData_(B-τ) ^(r-ε) computed by the edge proxy in evidence collection forthe ε^(th) time and a result set Data_(Ai−τ) ^(r-ε) computed by the edgenode Ai, ε represents evidence collected for the ε^(th) time, τrepresents trust computing in the i^(th) round, and l represents a dataamount in evidence collection each time;

(2) integrity represents a proportion of the number of complete data tothe number of total data; an integrity computing formula of evidencecollection for the ε^(th) time is as follows:

$\begin{matrix}{E_{{Ai} - \tau}^{{cm} - \varepsilon} = \frac{N_{{Ai} - \tau}^{{cm} - \varepsilon}}{l}} & (2)\end{matrix}$

where N_(Ai−τ) ^(cm−ε) represents identical number in a result Hashvalue set Data_(Ai-s) ^(h′-ε) computed by the edge proxy in evidencecollection for the ε^(th) time and a result Hash value set Data_(Ai−τ)^(h-ε) computed by the edge node Ai, ε represents evidence collected forthe ε^(th) time, τ represents trust computing in the τ^(th) round, and lrepresents a data amount in evidence collection each time;

(3) timeliness represents a difference between a computing efficiency ofthe edge node Ai and a computing efficiency of the edge proxy; atimeliness computing formula of evidence collection for the ε^(th) timeis as follows:

E _(Ai−τ) ^(tm-ε) =T _(Ai−τ) ^(tm-ε) −T _(B-τ) ^(tm-ε)  (3)

where T_(Ai−τ) ^(tm-ε) represents a computing efficiency of the edgenode in evidence collection for the ε^(th) time; T_(B-τ) ^(tm-ε)represents a computing efficiency of the edge proxy in evidencecollection for the ε^(th) time, and τ represents trust computing in theτ^(th) round.

When the edge proxy evaluates the initial trust value, the edge proxycomputes a computing efficiency

$T_{{Ai}0}^{{tm} - \varepsilon} = \frac{t_{{Ai} - 0}^{r - \varepsilon} - t_{B - 0}^{s - \varepsilon}}{l}$

of CN₀ edge nodes and a computing efficiency

$T_{A - 0}^{{tm} - \varepsilon} = \frac{t_{B - 0}^{r - \varepsilon} - t_{B - 0}^{s - \varepsilon}}{l}$

of the edge proxy according to the time t_(B−0) ^(s-ε) when theto-be-collected set is transmitted for ε^(th) time, the time t_(B−0)^(r-ε) when computing of the to-be-computed set is completed, and thetime t_(Ai-0) ^(r-ε) when a computing result of an edge node Ai isreceived, substitutes the results into formula (3), and computes toobtain timeliness of the CN₀ edge nodes Ai.

When evaluating the initial trust value, the edge proxy processesevidence collected for three times by means of formula (1), formula (2)and formula (3), to obtain three values of each of accuracy, integrityand timeliness of the edge nodes Ai to be added.

S13 Initial Trust Evaluation

1) Computing Initial Trust Value

A direct trust value is a quantization value that indicates an abilityof the edge node to complete a request task and is based on aninteractive record history between the edge proxy and the edge node;when the edge proxy computes the initial trust value of the edge node,the edge node is in a to-be-operated state; the edge proxy conductsfuzzy evaluation on direct trust factors of edge nodes to be operatedrespectively, steps of computing direct trust values are as follow:

(a) determining a factor set

E = {E_(Ai − τ)^(ac − ε), E_(Ai − τ)^(cm − ε), E_(Ai − τ)^(tm − ε)),

and an evaluation set V={V₁, V₂, V₃}, where V₁ representsuntrustworthiness, V₂ represents uncertainty, and V₃ representstrustworthiness; it is stipulated that μ^(un) is an untrustworthymembership degree, and 0≤μ^(un)<β_(u); μ^(in) is an uncertain membershipdegree, and β_(u)≤μ^(in)<β_(c); μ^(cr) is a trustworthy membershipdegree, and β_(c)≤μ^(cr≤)1, where β_(u) is untrustworthy threshold andβ_(c), is trustworthy threshold; the edge proxy computes membershipdegrees of accuracy, integrity and timeliness, computing formulae are asfollows:

{circle around (1)} computing formula of membership degree of accuracyin evidence collection for the ε^(th) time is as follows:

$\mu_{1 - \tau}^{\varepsilon} = \{ \begin{matrix}{0,} & {E_{{Ai} - \tau}^{{ac} - \varepsilon} = 0} \\{\lbrack {1 + {10( {1 - E_{{Ai} - \tau}^{{ac} - \varepsilon}} )^{2}}} \rbrack^{- 1},} & {0 < E_{{Ai} - \tau}^{{ac} - \varepsilon} \leq 1}\end{matrix} $

{circle around (2)} computing formula of membership degree of integrityin evidence collection for the ε^(th) time is as follows:

$\mu_{2 - \tau}^{\varepsilon} = \{ \begin{matrix}{0,} & {E_{{Ai} - \tau}^{{cm} - \varepsilon} = 0} \\{\lbrack {1 + {10( {1 - E_{{Ai} - \tau}^{{cm} - \varepsilon}} )^{2}}} \rbrack^{- 1},} & {0 < E_{{Ai} - \tau}^{{cm} - \varepsilon} \leq 1}\end{matrix} $

{circle around (3)} computing formula of membership degree of timelinessin evidence collection for the ε^(th) time is

${\mu_{3 - \tau}^{\varepsilon} = \lbrack {1 + {\gamma \times ( E_{{Ai} - \tau}^{{tm} - \varepsilon} )^{2}}} \rbrack^{- 1}},{{{{where}\gamma} = \frac{\begin{matrix}{{CPU}{clock}{speed}{of}} \\{{edge}{proxy}}\end{matrix}}{\begin{matrix}{{CPU}{clock}{speed}{of}} \\{{edge}{node}}\end{matrix}}};}$

(b) computing proportions of membership degrees corresponding toaccuracy, integrity and timeliness in trust computing in the τ^(th)round belonging to V₁, V₂, V₃, which are {r_(11-τ), r_(12-τ), r_(13-τ)},{r_(21-τ), r_(22-τ), r_(23-τ)} and {r_(31-τ), r_(32-τ), r_(33-τ)}respectively, for example,

${r_{11 - \tau} = \frac{N( \mu_{1 - \tau}^{{un} - \varepsilon} )}{{CN}_{\tau}}},$

where N(μ_(I-τ) ^(un-ε)) represents the number of accuracy membershipdegrees of CN_(τ) accuracy membership degrees within an untrustworthymembership degree range; the edge proxy obtains a judgment matrix

${R_{\tau} = \begin{bmatrix}r_{11 - \tau} & r_{12 - \tau} & r_{13 - \tau} \\r_{21 - \tau} & r_{22 - \tau} & r_{23 - \tau} \\r_{31 - \tau} & r_{32 - \tau} & r_{33 - \tau}\end{bmatrix}};$

(c) computing weight corresponding to accuracy, integrity and timelinessusing the entropy weight method, the computing steps being as follows:

{circle around (1)} forming a matrix by CNτ membership degrees μ_(1−τ)^(ε), μ_(2−τ) ^(ε), μ_(3−τ) ^(ε) corresponding to accuracy, integrityand timeliness:

$\begin{bmatrix}\mu_{1 - \tau}^{1} & \cdots & \mu_{1 - \tau}^{\varepsilon} & \cdots & \mu_{1 - \tau}^{{CN}_{\tau}} \\\mu_{2 - \tau}^{1} & \cdots & \mu_{2 - \tau}^{\varepsilon} & \cdots & \mu_{2 - \tau}^{{CN}_{\tau}} \\\mu_{3 - \tau}^{1} & \cdots & \mu_{3 - \tau}^{\varepsilon} & \cdots & \mu_{3 - \tau}^{{CN}_{\tau}}\end{bmatrix};$

{circle around (2)} computing information entropy corresponding toaccuracy, integrity and timeliness:

${{E_{j - \tau}--}( {\ln{CN}_{\tau}} )^{- 1}{\sum\limits_{\varepsilon = 1}^{{CN}_{\tau}}{( p_{j - \tau}^{\varepsilon} ){\ln( p_{j - \tau}^{\varepsilon} )}}}},{{{where}p_{j - \tau}^{\varepsilon}} - \frac{\mu_{j - \tau}^{\varepsilon}}{\sum\limits_{\varepsilon = 1}^{{CN}_{\tau}}\mu_{j - \tau}^{\varepsilon}}},{( {{j - 1},2,3} );}$

{circle around (3)} computing weight corresponding to accuracy,integrity and timeliness:

${\alpha_{j - \tau} = \frac{1 - E_{j - \tau}}{3 - {\sum\limits_{j = 1}^{3}E_{j - \tau}}}};$

in order to avoid the condition where the weight is zero when the degreeof dispersion of a certain factor is too small, weight rangescorresponding to accuracy, integrity and timeliness are α₁∈[0.5,0.8],β₂∈[0.01,0.2] and α₃∈[0.2,0.4] respectively, where α₁>α₃>α₂; when theweight obtained using the entropy weight method is not within thespecified range, the maximum value or minimum value of the correspondingrange is taken, actual weight is

${\alpha_{j - \tau}^{\prime} = \frac{\alpha_{j - \tau}}{\alpha_{1 - \tau} + \alpha_{2 - \tau} + \alpha_{3 - \tau}}},{{A_{\tau} = \{ {\alpha_{1 - \tau}^{\prime},\alpha_{2 - \tau}^{\prime},\alpha_{3 - \tau}^{\prime}} \}};}$

(d) computing a judgment result Z_(Ai−τ)=A_(τ)*R_(τ)={z_(1−τ), z_(2−τ),z_(3−τ)}, there being following three cases:

{circle around (1)} when z_(1−τ) is the maximum, the edge node Ai isuntrustworthy, the edge proxy does not compute an average membershipdegree of accuracy, integrity and timeliness;

{circle around (2)} when z_(2−τ) is the maximum, the edge node Ai isuncertain in trust, the edge proxy computes means of membership degreeswithin a range [β_(u), β_(c)) corresponding to accuracy, integrity andtimeliness, which are

${\overset{\_}{\mu_{1 - \tau}} = \frac{\sum\limits_{\varepsilon = 1}^{{CN}_{\tau}}\mu_{1 - \tau}^{{in} - \varepsilon}}{N( \mu_{1 - \tau}^{{in} - \varepsilon} )}},{\overset{\_}{\mu_{2 - \tau}} = \frac{\sum\limits_{\varepsilon = 1}^{{CN}_{\tau}}\mu_{2 - \tau}^{{in} - \varepsilon}}{N( \mu_{2 - \tau}^{{in} - \varepsilon} )}},{\overset{\_}{\mu_{3 - \tau}} = \frac{\sum\limits_{\varepsilon = 1}^{{CN}_{\tau}}\mu_{3 - \tau}^{{in} - \varepsilon}}{N( \mu_{3 - \tau}^{{in} - \varepsilon} )}},$

where a denominator represents the number of membership degrees of allfactors within the range [β_(u), β_(c)) and a numerator represents thesum of membership degrees of all factors within the range [β_(u),β_(c)); μ_(1−τ) ^(in-ε) is the membership degree of the accuracy of theτ^(th) evidence collection within the range [β_(u), β_(c)), μ_(2−τ)^(in-ε) is the membership degree of the integrity of the τ^(th) evidencecollection within the range [β_(u), β_(c)), μ_(3−τ) ^(in-ε) is themembership degree of the timeliness of the τ^(th) evidence collectionwithin the range [β_(u), β_(c));

{circle around (3)} when z_(3−τ) is the maximum, the edge nodes Ai istrustworthy, the edge proxy computes means of membership degrees withina range [β_(c), 1] corresponding to accuracy, integrity and timeliness,which are

${\mu_{1 - \tau} = \frac{\sum\limits_{\varepsilon = 1}^{{CN}_{\tau}}\mu_{1 - \tau}^{{cr} - \varepsilon}}{N( \mu_{1 - \tau}^{{cr} - \varepsilon} )}},{\mu_{2 - \tau} = \frac{\sum\limits_{\varepsilon = 1}^{{CN}_{\tau}}\mu_{2 - \tau}^{{cr} - \varepsilon}}{N( \mu_{2 - \tau}^{{cr} - \varepsilon} )}},{\mu_{3 - \tau} = \frac{\sum\limits_{\varepsilon = 1}^{{CN}_{\tau}}\mu_{3 - \tau}^{{cr} - \varepsilon}}{N( \mu_{3 - \tau}^{{cr} - \varepsilon} )}},$

where a denominator represents the number of membership degrees of allfactors within the range [β_(c), 1] and a numerator represents the sumof the membership degrees of all factors within the range [β_(c), 1];μ_(1−τ) ^(cr-ε) is the membership degree of the accuracy of the τ^(th)evidence collection within the range [β_(c), 1], μ_(2−τ) ^(cr-ε) is themembership degree of the integrity of the τ^(h) evidence collectionwithin the range [β_(c), 1], μ_(3−τ) ^(cr-ε) is the membership degree ofthe timeliness of the τ^(th) evidence collection within the range[β_(c), 1];

(e) the edge proxy computes a direct trust value Trust_(Ai−τ) ^(cd) ofthe edge node Ai according to the average membership degree of accuracy,integrity and timeliness, and the weight thereof, the computing formulabeing as follows:

Trust_(Ai−τ) ^(cd)=α′_(1−τ) μ₁−τ+α′_(2−τ) μ_(2−τ) +α′_(3−τ) μ_(3−τ)  (4)

Since the edge nodes to be operated have no historical trust values andfeedback scores, at this moment, the initial direct trust value is thefinal trust value, and the final trust value before the edge node Aioperates is Trust_(Ai-0) ^(u)=Trust_(Ai-0) ^(cd).

2) Computing Trust Identifier

Edge node trust is divided into three levels, namely an untrustworthylevel, an uncertain level and a trustworthy level.

A threshold of the untrustworthy level is β_(u), a threshold of thetrustworthy level is β_(c), 0<β_(u)<β_(c)≤1 andβ_(c)=[1+10(ER_(Ai))²]⁻¹, β_(u)=β_(c)−0.2, where ER_(Ai) represents anerror rate of computing errors allowed to be caused by each edge node Aiin an industrial production environment occasionally due to mistake,0≤ER_(Ai)<30%, the greater the β_(u) and β_(c), the sensitive the systemto incorrect computing results; the security administrator sets an errorrate of errors allowed to be caused by each edge node in an industrialproduction environment, and the edge proxy computes corresponding β_(u)and β_(c) according to the error rate.

The edge proxy computes a trust identifier of an edge node Ai to beoperated according to a judgment result, the rules are as follows:

(a) For an edge node of which the trust value level is a trustworthylevel, in order to prevent a malicious node from cheating trust, theedge proxy replaces a trust value of the edge node with a trustworthylevel with

$\frac{\beta_{u} + \beta_{c}}{2},$

that is, degrades the edge node with a trustworthy level to an edge nodewith an uncertain level.

(b) For an edge node of which the trust value level is an uncertainlevel, the edge proxy allocates a trust identifier TI_(Ai-0)=1 of aninitial trust value to the edge node, computes valid time T_(Ai-0) ^(v)of the initial trust identifier according to formula (5), and storesinitial trust associated information locally;

a computing formula of the valid time T_(Ai-0) ^(v) of the trustidentifier of the initial trust value is as follows:

T _(Ai-0) ^(v)=5i×CN ₀× T _(Ai-0) ×l+5ΔT  (5)

where i represents the number of on-line edge nodes, CN₀ represents thenumber of times of evidence collection in initial trust evaluation,T_(Ai-0) represents an average computing efficiency

$\overset{\_}{T_{{Ai} - 0}} = \frac{\sum\limits_{\varepsilon = 1}^{{CN}_{0}}T_{{Ai} - 0}^{{tm} - \varepsilon}}{{CN}_{0}}$

of the edge nodes Ai, l represents a data amount of evidence collectioneach time, ΔT represents a time interval between trust updates, and thevalid time is in second; if a trust identifier of an edge node isexpired, the edge proxy lists the edge node in a blacklist.

(c) For an edge node of which the trust level is an untrustworthy level,that is, an edge node of which the z_(1−τ) is the maximum, to avoidevaluation errors, the edge proxy repeats the above-mentioned steps ofevidence collection, evidence processing and trust evaluation toevaluate the initial trust value thereof twice, if the trust value isstill untrustworthy after being evaluated twice, reports to the securityadministrator to replace the edge node, and computes an initial trustvalue of the replaced edge node to be added.

Initial trust associated data of the edge node Ai includes initial trustvalue evaluation start time t₀, a node identity identifier ID_(Ai), anaccuracy membership degree mean μ¹⁻⁰ , an integrity membership degreemean μ²⁻⁰ , a timeliness membership degree mean μ₃₋₀ , an initial trustvalue Trust_(Ai-0) ^(u), a trust identifier TI_(Ai-0) and valid timeT_(Ai-0) ^(v).

The edge proxy transmits the trust identifier to a site device, the sitedevice checks the trust identifier of the edge node to be operated andtransmits data to an edge node with a trust identifier greater than 0,and then the edge node is in an operating state.

S2 After Network Operation

S21 Evidence Collection

After a network operates for ΔT time, the edge proxy initiates an updatetrust request to the site device, the edge proxy starts to collect thecollected data of the site device, a computing result of the edge nodeand a Hash value thereof, and a feedback score from the site device, andrecords response time and a historical direct trust value of the edgenode. After the edge proxy initiates the trust update request, the edgeproxy conducts each evidence collection in following two cases:

case 1: the edge node directly returns the computing result to the sitedevice, and the site device transmits the computing result of the edgenode and the Hash value thereof to the edge proxy;

case 2: after preliminary computing, the edge node transmits thecomputing result and the Hash value thereof to the edge proxy, the edgeproxy collects evidence and uploads the computing result of the edgenode, trust identifier and signature to an industrial cloud, theindustrial cloud checks the trust identifier of the edge node andverifies the signature and then further processes a preliminarycomputing result of the edge node, the industrial cloud transmits thecomputing result and signature to the edge proxy, the edge proxyverifies the signature and then transmits the computing result to thesite device.

The edge proxy collects evidence data in the above two cases, andcollects 0.1 evidence data as one evidence collection; each round oftrust update requires evidence collection for CN_(τ) times, and the edgenode is in an operating state at this moment; the edge proxy records thenumber of times of evidence collection with ε(ε=1, 2, . . . , CN_(τ));during the τ^(th) round of trust update, the edge proxy collectsevidence for CN_(τ) times and then conducts evidence processing andtrust update operations; a time interval between every two rounds oftrust update is ΔT; a computing formula of the number of times CN_(τ) ofevidence collection required for the τ^(th) round of trust update isspecified as follows:

CN _(τ)−┌6×arctan[0.5×TI _(Ai−(τ−1))]  (6)

The edge proxy computes the number of times of evidence collectionCN_(τ) required for the τ^(th) round of trust update according to thetrust identifier of the (τ−1)^(th) time; the edge proxy rapidly updatesthe trust value of the edge node when the trust identifier is small andthe number of times of evidence collection is less; at the initial stageof network operation, the number of times of evidence collectionincreases with the increase of the number of trustworthy times, in orderto update the trust value in time and reduce trust computing amount, thenumber of times of evidence collection cannot be infinitely increased,and the maximum value of the number of times of evidence collectionCN_(τ) is

$\lceil {6 \times \frac{\pi}{2}} \rceil = 10.$

1) Direct Trust Factor Collection

The site device transmits the collected data α_(0-τ) ^(ε) to the edgeproxy and the edge node Ai simultaneity, the site device transmits apiece of data every Δt, and the edge proxy and the edge node startprocessing after receiving the second collected data; the edge proxyprocesses a computing result of the data collected in two consecutivetimes as h_(0-τ) ^(ε), the edge node Ai processes a computing result ofthe data collected in two consecutive times as c_(0-τ) ^(ε), ϑrepresents a serial number of evidence collected in each evidencecollection, (ϑ=1, 2, . . . , l); during each evidence collection, thesite device needs to transmit (l+1) data, and the data transmitted bythe site device form a set Data_(D-τ) ^(c-ε)−{a_(0-τ) ^(ε), a_(1−τ)^(ε), a_(2−τ) ^(ε), . . . , a_(l−τ) ^(ε)}.

At t_(τ), the edge proxy starts the τ^(th) round of trust update, theedge proxy collects evidence for CN_(τ) times in total, i data evidencecollected for the ε^(th) time including a computing result Data_(B-τ)^(r-ε)={b_(1−τ) ^(ε), b_(2−τ) ^(ε), b_(3−τ) ^(ε), . . . , b_(l−τ) ^(ε)}of the edge proxy, a computing result Data_(Ai−τ) ^(r-ε)={c_(1−τ) ^(ε),c_(2−τ) ^(ε), c_(3−τ) ^(ε), . . . , c_(l−τ) ^(ε)} of the edge node Aiand a Hash value Data_(Ai−τ) ^(h-ε)={h_(1−τ) ^(ε), h_(2−τ) ^(ε), h_(3−τ)^(ε), . . . , h_(l−τ) ^(ε)} thereof, and a corresponding Hash valueData_(Ai−τ) ^(h′-ε)={h_(1−τ) ^(ε′), h_(2−τ) ^(ε′), h_(3−τ) ^(ε′), . . ., h_(l−τ) ^(ε′)} computed by the edge proxy according to the computingresult set Data_(Ai−τ) ^(r-ε) of the edge node Ai; the edge proxyrecords time t_(D-τ) ^(s-ε) of transmitting the first data by the sitedevice when collecting evidence for the ε^(th) time, time t_(B-τ) ^(r-ε)of computing the l^(th) result by the edge proxy, and time t_(Ai−τ)^(r-ε) of computing the l^(th) result by the edge node Ai.

2) Historical Direct Trust Value Collection

Because trust dynamically changes with time, in order to avoid maliciousacts, the edge proxy uses a historical direct trust value to correct adirect trust value, and the edge proxy uses a sliding window to storethe historical direct trust value so as to reduce the influence of theold direct trust value on the new direct trust value. Each edge node hasa sliding storage window, the larger the window, the more the storageand computing overhead, so a short and small sliding storage window canlimit the amount of trust computing and improve the efficiency of trustevaluation.

The sliding storage window includes u panes, each pane retains ahistorical direct trust value, that is, a direct trust value before theτ^(th) round of trust update is stored in the sliding storage window; adirect trust value stored in the k pane is Trust_(Ai−(τ+u+k−1)) ^(εd);only when each pane has a direct trust value, the window begins to move,and moves one pane every time; a new direct trust value is added intothe window after the trust is updated, while an expired direct trustvalue is extruded out of the window; during the τ^(th) round of trustupdate, direct trust values from the (τ−u)^(th) round of trust update tothe (τ−1)^(th) round of trust update are stored in the window, and adirect trust value of the τ^(th) round is stored in the sliding storagewindow after the τ^(th) round of trust update; when a trust identifierof the edge node Ai is equal to 0, the edge node is regarded as amalicious node, and the edge proxy deletes a sliding storage windowthereof

3) Feedback Score Collection

The edge proxy updates a final trust value of an edge node in anoperating state and also needs to take into account a feedback scoregiven to a computing result of the edge node by the site device; a ruleof giving scores to edge nodes by the site device is as follows: if asafety accident occurs, the site device feeds back d_(ϑ−τ) ^(ε)=1regardless whether a trust update is being conducted, and the edge proxylists an edge node corresponding to the feedback score in a blacklist;otherwise, the site device feeds back scores given to computing results:bad review d_(ϑ−τ) ^(ε)=0 and good review d_(ϑ−τ) ^(ε)=1.

The site device feeds back the scores given to the computing results tothe edge proxy, during the τ^(th) round of trust update, the edge proxycollects for CN_(τ) times and collects l feedback scores each time, anda feedback score collected by the edge proxy for the ε^(th) time isData_(Ai−τ) ^(f−ε)={d_(1−τ) ^(ε), d_(2−τ) ^(ε), d_(3−τ) ^(ε), . . . ,d_(l−τ) ^(ε)} including scores given, by the site device, to computingresults directly returned by v edge nodes to the site device and scoresgiven, by the site device, to computing results transmitted by (l−v)edge nodes to the industrial cloud for processing and then returned tothe site device; a proxy signature based on elliptic curve is used tomake the communication between the edge nodes and the industrial cloudtrustworthy, no matter the computing results received by the site devicecome from the edge nodes or the industrial cloud, the objects to whichthe site device feeds back scores are edge nodes.

S22 Evidence Processing

1) Direct Trust Factor Processing

After collecting evidence for CN_(τ) times, the edge proxy respectivelycomputes accuracy, integrity and timeliness of an edge node Ai duringeach evidence collection in the τ^(th) round of trust update;

(a) the edge proxy computes accuracy of the edge node Ai according toformula (1);

(b) the edge proxy computes integrity of the edge node Ai according toformula (2);

(c) according to the time t_(D−τ) ^(s−ε) of transmitting the first databy the site device when collecting evidence for the ε^(th) time, thetime t_(b−τ) ^(e−ε) of computing the l^(th) result by the edge proxy,and the time t_(Ai τ) ^(r−ε) of computing the l^(th) result by the edgenode Ai, the edge proxy computes a computing efficiency

$T_{{Ai} - \tau}^{{tm} - \varepsilon} = \frac{l_{{Ai} - \tau}^{r - \varepsilon} - l_{D - \tau}^{s - \varepsilon}}{l}$

of the edge node and a computing efficiency

$T_{B - \tau}^{{tm} - \varepsilon} = \frac{l_{B - \tau}^{r - \varepsilon} - l_{D - \tau}^{s - \varepsilon}}{l}$

of the edge proxy, substitutes T_(Ai−τ) ^(tm−ε), T_(B−τ) ^(tm−ε) intoformula (3), and compute timeliness of the edge node Ai.

When conducting the τ^(th) round of trust update, the edge proxyprocesses the collected direct trust factors by means of formula (1),formula (2) and formula (3), to obtain CN_(τ) values of each ofaccuracy, integrity and timeliness of an edge node Ai to be examined.

2) Historical Trust Value Processing

For weight factors of historical direct trust values at different time,there is a need to take into account a time factor, that is, the longerthe time of the trust value, the lower the proportion; a weight of thek^(th) pane of the sliding storage window is:

φ_(k) =e ^(−ρ(u−k))  (7)

where ρ represents an attenuation coefficient which is 0.3; if thesliding storage window is not fully stored, u is the number of actualhistorical direct trust values;

according to the historical direct trust value and weight thereof in thesliding storage window, the edge proxy computes a weighted averagehistorical trust value Trust_(Ai−τ) ^(hd) of the edge node Ai in theτ^(th) round of trust update:

$\begin{matrix}{{Trust}_{{Ai} - \tau}^{hd} = \frac{\sum\limits_{k = 1}^{u}{\varphi_{k} \times {Trust}_{{Ai} - {({\tau - u + k - 1})}}^{cd}}}{\sum\limits_{k = 1}^{u}\varphi_{k}}} & (8)\end{matrix}$

3) Feedback Score Processing

For an edge node with a feedback score of −1, the security administratorreplaces the edge node with an edge node to be added, and the edge proxyrepeats an initial trust value computing step, to evaluate an initialtrust value of the edge node to be added.

According to the feedback score, the edge proxy computes reward andpenalty factors of the edge node Ai in the τ^(th) round of trust update;and according to a difference ΔN_(Ai τ) ^(ε)=N_(Ai−τ)^(g−c)−└l×(1−ER_(Ai))┘ between the total number of times of good reviewN_(Ai−τ) ^(g−ε) during evidence collection for the ε^(th) time and theminimum required number of correct computing results, the edge proxycomputes a reward factor E_(Ai−τ) ^(g−ε) and a penalty factor E_(Ai−τ)^(b−ε) corresponding to the evidence collection for the ε^(th) time,where N_(Ai−τ) ^(g e)=Σϑ=1 ^(l)d_(ϑ=τ) ^(t), ER_(Ai) is the error ratethat the edge node is allowed to calculate in an industrial productionenvironment.

If ΔN_(Ai−τ) ^(ε)≥0, the reward factor and penalty factor correspondingto the evidence collection for the ε^(th) time are E_(Ai τ)^(g−ε)=0.3[(1+e^(−ΔN) ^(Ai−τ) ^(ε) )⁻¹−0.5] and E_(Ai−τ) ^(b−ε)=0respectively; otherwise, the reward factor and penalty factorcorresponding to the evidence collection for the ε^(th) time areE_(Ai−τ) ^(g−ε)=0 and E_(Ai τ) ^(g−ε)=0.4[1+e^(−ΔN) ^(Ai−τ) ^(ε))⁻¹−0.5] respectively; the reward degree is small and the penalty degreeis large, which reflects the characteristic that the trust value isslowly increased and quickly decreased.

The edge proxy computes a final reward or penalty factor E_(Ai−τ) ^(f)according to the reward and penalty factors in the τ^(th) round of trustupdate:

$\begin{matrix}{E_{{Ai} - \tau}^{f} = \{ \begin{matrix}{0,} & {{⊐ d_{\vartheta - \tau}^{\varepsilon}} = {- 1}} \\{\frac{\sum\limits_{\varepsilon = 1}^{{CN}_{\tau}}\lbrack {F_{{Al} - \tau}^{g - \varepsilon} + F_{{Ai} - \tau}^{b - \varepsilon}} \rbrack}{{CN}_{\tau}},} & {\forall{d_{\vartheta - \tau}^{\varepsilon} \neq {- 1}}}\end{matrix} } & (9)\end{matrix}$

Good feedback from the field device increases the trust value of theedge node Ai and bad feedback rapidly decreases the trust value of theedge node Ai; if there is safety accident feedback from the site device,E_(Ai−τ) ^(f) appears as a penalty factor, E_(Ai−τ) ^(f)=0; if there isno safety accident feedback, E_(Ai−τ) ^(f)>0 represents reward, E_(Ai−τ)^(f)<0 represents penalty, and E_(Ai−τ) ^(f)=0 represents neither rewardnor penalty.

S23 Trust Update

According to the direct trust value, historical trust value and feedbackscores, the edge proxy updates the trust value of the edge node, theedge node is in a to-be-examined state at this moment; a time intervalbetween every two rounds of trust updates is ΔT.

1) Computing Direct Trust Value

The edge proxy repeats the step of computing a direct trust value whenevaluating initial trust, and computes a direct trust valueTrust_(Ai−τhu cd) of the edge node Ai to be examined of which thejudgment result is trustworthy or uncertain in the τ^(th) round of trustupdate by means of formula (4); for an edge node to be examined of whichthe judgment result is untrustworthy, the edge proxy directly lists theedge node in a blacklist.

2) Correcting Direct Trust Value

Before computing the final trust value, the edge proxy needs to correctthe direct trust value by using the weighted average historical directtrust value; the edge proxy weights and aggregates Trust_(Ai−τ) ^(cd)and Trust_(Ai−τ) ^(hd) of the edge node Ai to obtain a corrected directtrust value Trust_(Ai−τ) ^(d) of the edge node Ai in the τ^(th) round oftrust update:

Trust_(Ai−τ) ^(d)=δ×Trust_(Ai−τ) ^(cd)+(1−δ)×Trust_(Ai−τ) ^(hd)  (10)

where δ is used to balance proportions of current trust and historicaltrust, and δ is defined as follows:

$\begin{matrix}{\delta = \{ \begin{matrix}{\delta_{1},} & {{Trust}_{{Ai} - \tau}^{cd} \geq {Trust}_{{Ai} - \tau}^{hd}} \\{\delta_{2},} & {{Trust}_{{Ai} - \tau}^{cd} < {Trust}_{{Ai} - \tau}^{hd}}\end{matrix} } & (11)\end{matrix}$

where 0<δ₁<δ₂<1, it is specified that δ₁=0.3, δ₂=0.7, the value of δ₁ issmall, to prevent the edge node from accumulating trust thereof quickly,and the value of δ₂, is large, which reflects a penalty for a maliciousact of the edge node.

3) Updating Final Trust Value

According to the reward or penalty factor computed in formula (9), theedge proxy computes a final trust value of an edge node to be examined.

A computing formula of the final trust value Trust_(Ai−τ) ^(u) of theedge node Ai in the τ^(th) round of trust update is as follows:

$\begin{matrix}{{Trust}_{{Ai} - \tau}^{u} = \{ \begin{matrix}{{E_{{Ai} - \tau}^{f} \times {Trust}_{{Ai} - \tau}^{d}},} & {\exists{{d_{\vartheta - \tau}^{\varepsilon}--}1}} \\{{E_{{Ai} - \tau}^{f} + {Trust}_{{Ai} - \tau}^{d}},} & {\forall{d_{\vartheta - \tau}^{\varepsilon} \neq {- 1}}}\end{matrix} } & (12)\end{matrix}$

If a certain feedback score is −1, the final trust value of the edgenode Ai in the τ^(th) round of trust update is equal to 0; otherwise,the final trust value of the edge node Ai in the τ^(th) round of trustupdate is equal to a corrected direct trust value of the edge node Aiplus a reward or penalty factor.

4) Computing Trust Identifier

After trust update, the edge proxy compares the final trust value of theedge node to be examined with a trust threshold (trust critical value)in Table 2-trust level table, and then computes a trust identifier ofthe edge node Ai according to the judgment result and the final trustvalue, rules are as follows:

(a) for an edge node of which the trust value level is a trustworthylevel, the edge proxy computes a trust identifier TI_(Ai-τ) thereofaccording to formula (13), computes valid time T_(Ai−τ) ^(v) of thetrust identifier according to formula (14), and then stores trustassociated information thereof locally according to a data structure inTable 6;

a specific computing formula of the trust identifier of the edge node Aiin the τ^(th) round of trust update is as follows:

$\begin{matrix}{{TI}_{{Ai} - \tau} - \{ \begin{matrix}{0,} & {{Trust}_{{Ai} - \tau}^{d} < \beta_{u}} \\{{TI}_{{Ai} - {({\tau - 1})}},} & {\beta_{u} \leq {Trust}_{{Ai} - \tau}^{d} < \beta_{c}} \\{{{TI}_{{Ai} - {({\tau - 1})}} + 1},} & {{Trust}_{{Ai} - \tau}^{d} \geq \beta_{c}}\end{matrix} } & (13)\end{matrix}$

a computing formula of the valid time T_(Ai−τ) ^(v) of the trustidentifier of the trust value is as follows:

T _(Ai−τ) ^(v)=6×CN _(τ) ×l×( T _(Ai−τ) +Δt)+TI _(Ai−τ) ×ΔT  (14)

where CN_(τ) represents a number of times of evidence collectionrequired in the τ^(th) round of trust update, l represents a data amountof evidence collection each time, T_(Ai−τ) represents an averagecomputing efficiency

$\overset{\_}{T_{{Ai} - \tau}} = \frac{\sum\limits_{\varepsilon = 1}^{{CN}_{\tau}}T_{{Ai} - \tau}^{{tm} - \varepsilon}}{{CN}_{\tau}}$

of edge nodes Ai, Δt represents a time interval at which the site devicetransmits data, ΔT represents a time interval between trust updates, andthe valid time is in second; if a trust identifier of an edge node isexpired, the edge proxy lists the edge node in a blacklist;

(b) for an edge node of which the trust level is an uncertain level, atrust identifier thereof is unchanged; the edge proxy checks the trustidentifier thereof, and if the number of times of continuous equality ofthe trust identifier is less than 3, the edge proxy allows the edge nodeto operate; otherwise, the edge proxy lists the edge node in ablacklist, and then the edge node is in an isolation state;

(c) for an edge node of which the trust level is an untrustworthy level,the edge proxy lists the edge node in a blacklist directly, and then theedge node is in an isolation state; the edge proxy broadcasts identityinformation about the edge node in the blacklist and a trust identifier0 thereof, and reports to the security administrator to replace the edgenode; after the security administrator replaces the isolated edge nodewith an edge node to be added, the edge proxy repeats an initial trustvalue computing step, to separately evaluate an initial trust value ofthe edge node to be added.

Trust associated data of the edge node Ai includes start time t_(τ) ofthe τ^(th) round of trust update, a node identity identifier ID_(Ai) anaverage accuracy membership degree μ_(1−τ) , an integrity membershipdegree mean μ_(2−τ) , a timeliness membership degree mean μ_(3−τ) , acorrected direct trust value Trust_(Ai−τ) ^(d), a reward or penaltyfactor E_(Ai τ) ^(f), a final trust value Trust_(Ai−τ) ^(u), a trustidentifier TI_(Ai−τ) and valid time T_(Ai−τ) ^(v).

The edge proxy transmits the trust identifier to the site device, thesite device decides whether to transmit data according to the trustidentifier of the edge node, and transmits data to an edge node with atrust identifier greater than 0 rather than to an edge node with a trustidentifier equal to 0.

After ΔT time, the edge proxy repeatedly executes the steps of evidencecollection, evidence processing and trust update, and so on.

The present invention has the advantageous effects that: by means of thepresent invention, a security mechanism for trustworthiness of acomputing result output by an industrial edge node is guaranteed, theindustrial edge node is prevented from outputting error data, andattacks of false data of a malicious edge node are resisted, it isguaranteed that trustworthy computing results not be tampered are inputin the industrial cloud, and a site device is made to receive correctcomputing results rather than malicious or meaningless messages, therebyimproving efficiency and security of industrial production.

Other advantages, objectives and features of the present invention willbe illustrated in the following description to some extent, and will beapparent to those skilled in the art based on the followinginvestigation and research to some extent, or can be taught from thepractice of the present invention. The objectives and other advantagesof the present invention can be realized and obtained through thefollowing description.

DESCRIPTION OF THE DRAWINGS

To enable the purpose, the technical solution and the advantages of thepresent invention to be more clear, the present invention will bepreferably described in detail below in combination with the drawings,in the drawings:

FIG. 1 is an industrial edge computing framework with a trust mechanism;

FIG. 2 is a flow chart of trust evaluation;

FIG. 3 is a sequence diagram of a trust evaluation process;

FIG. 4 is a trust evaluation framework and flow chart;

FIG. 5 is a sequence diagram showing a process of evidence collection ininitial trust evaluation;

FIG. 6 is a flow chart showing a first case of evidence collectionduring trust update;

FIG. 7 is a flow chart showing a second case of evidence collectionduring trust update;

FIG. 8 is a sequence diagram showing a process of evidence collection inthe τ^(th) round of trust update; and

FIG. 9 shows a sliding storage window.

DETAILED DESCRIPTION OF THE INVENTION

Embodiments of the present invention are described below throughspecific embodiments. Those skilled in the art can understand otheradvantages and effects of the present invention easily through thedisclosure of the description. The present invention can also beimplemented or applied through additional different specificembodiments. All details in the description can be modified or changedbased on different perspectives and applications without departing fromthe spirit of the present invention. It should be noted that the figuresprovided in the following embodiments only exemplarily explain the basicconception of the present invention, and if there is no conflict, thefollowing embodiments and the features in the embodiments can bemutually combined.

In an industrial edge computing environment, a site device transmitscollected data to an edge node at an edge side, the edge node processesthe data from the site device, then the edge node returns a computingresult to the site device or transmits a preliminary computing result toan industrial cloud platform for further computing and then returns tothe site device. In order to ensure that the computing result of theedge node is correct and the result is not forged or tampered in theprocess of transmission, failed edge nodes are identified and tamper,impersonation, replay and other attacks from malicious nodes areresisted, that is, it is guaranteed that the site device receives atrustworthy computing result, this article proposes an edge computingframework with a trust evaluation function. Trust evaluation of edgenodes is completed by an edge proxy at a network edge, and at thenetwork edge, the response time for processing trust computing isshorter, the execution efficiency is higher, and the network pressure islower, as shown in FIG. 1.

Assuming that the data collected by the site device is trustworthy, thecommunication between the site device and the edge node is trustworthy,and the communication between the site device and the edge proxy istrustworthy, the feedback of the site device is honest. In an industrialedge computing framework with a trust evaluation function, a trustevaluation method for ensuring edge node computing resulttrustworthiness is proposed. In the method, trust evaluation conductedon edge nodes is completed by an edge proxy according to objectiveanalysis on computing results of the edge nodes and in conjunction withthe fuzzy evaluation method and the entropy weight method. By comparingtrust values of the edge nodes with a trust threshold, the edge proxydetermines which edge nodes can receive computing tasks and transmitmessages, thereby reducing untrustworthy data output by the edge side.In the trust evaluation method, the trust threshold is determined by anerror rate of errors allowed to be caused by each edge node set by asecurity administrator.

After a network operates, if a computing result of an edge node needs tobe further computed, in order to ensure that the interactive informationbetween the edge node, the edge proxy and the industrial cloud platformis not tampered so that the site device can receive a trustworthycomputing result, in the solution, the proxy signature scheme based onelliptic curve is used, so a preliminary computing result of atrustworthy edge node can be signed and then transmitted to theindustrial cloud for further processing and then returned to the sitedevice.

A specific trust evaluation flow of this solution is shown in FIG. 2 andFIG. 3.

In this solution, trust is defined as evaluation conducted on edge nodecomputing result trustworthiness by an edge proxy, and a trust value ofan edge node is a quantitative form of long-term behavioral expressionof the edge node. Trust evaluation consists of four modules: evidencecollection, evidence processing, initial trust evaluation and trustupdate. FIG. 4 shows an overall framework and flow of trust evaluation.

Evidence comprises information of three dimensions: three availablefactors for directly evaluating edge node computing results, i.e.accuracy, integrity and timeliness of edge node computing results, usedto compute direct trust values of edge nodes; historical trust values,wherein the edge proxy conducts weighted average on historical trustvalues in sliding windows and then corrects direct trust values;feedback scores given by the site device to the edge node computingresults, wherein the edge proxy obtains a penalty or reward factoraccording to the feedback scores, used to compute final trust values ofedge nodes. The trust evaluation process is divided into computing ofinitial trust values before network operation and update of trust valuesafter network operation. The edge nodes have following five states in atrust evaluation process:

(1) to be added: an edge node to be added has no trust value, at thismoment, the edge node computes to-be-computed data from the edge proxy;

(2) to be operated: the edge proxy computes an initial trust values ofthe edge node, at this moment, the edge node is in an to-be-operatedstate, to wait for an edge node to which the site device transmits data;

(3) operating: the edge proxy transmits a trust identifier of the edgenode to be operated to the site device, a trustworthy edge node computesthe data from the site device, and at this moment, the edge node is inan operating state;

(4) to be examined: after the network operates for a period of time, theedge proxy initiates trust update to the site device; when the edgeproxy conducts trust update after collecting and processing evidencedata, the edge node is in a to-be-examined state, the site device stopstransmitting data to the edge node to be examined, until the site devicereceives the trust identifier;

(5) operating/isolating: after updating the trust value, the edge proxyallocates the trust identifier to the edge node to be examined, andtransmits the trust identifier to the site device; the site devicetransmits data to an edge node of which the trust identifier is greaterthan 0, and at this moment, the edge node is in an operating state; thesite device does not transmit data to an edge node with a trustidentifier equal to 0, and at this moment, the edge node is listed in ablacklist by the edge proxy and is in an isolating state.

1.1 Trust Evaluation Flow

1.1.1 Before Network Operation

Each edge node to be added transmits identity information ID_(Ai) to anedge proxy for registration, a security administrator sets an error rateER_(Ai) of computing errors allowed to be caused by each edge node in anindustrial production environment; the edge proxy marks evidencecollected for which number of times with ε(ε=1, 2, . . . , CN_(τ)), andmarks trust associated information as a trust value computed in whichround with τ(τ∈N), where τ=0 when an initial trust value is evaluated,τ≥1 when a trust value is updated; CN_(τ) represents a total number oftimes of evidence collection required when the edge proxy computes atrust value in a τ^(th) round, and t_(τ) represents time when the edgeproxy starts computing the trust value in the τ^(th) round. Afterverifying an identity of an edge node, the edge proxy starts evaluatingan initial trust value of the edge node.

1 Evidence Collection

The edge proxy starts evaluating the initial trust value of the edgenode at t₀, the edge proxy randomly generates a to-be-computed data setData_(B−0) ^(c−ε)={a⁰⁻⁰ ^(ε), a¹⁻⁰ ^(ε), a²⁻⁰ ^(ε), . . . , a_(l−0)^(ε)}, and generates a result set Data_(B−0) ^(r−ε)={b¹⁻⁰ ^(ε), b²⁻⁰^(ε), b³⁻⁰ ^(ε), . . . , b_(l−0) ^(ε)} after adjacent data are pairwisecomputed as a reference set, wherein this solution specifies that thenumber of times of evidence collection CN₀ required for initial trustvalue evaluation is 3.

The edge proxy transmits a to-be-computed set to the edge node, the edgenode computes and then transmits a computing result set Data_(Ai−0)^(r−ε)={c¹⁻⁰ ^(ε), c²⁻⁰ ^(ε), c³⁻⁰ ^(ε), . . . , c_(l−0) ^(ε)} and acomputing result Hash value set Data_(Ai−0) ^(h−ε)={h¹⁻⁰ ^(ε), h²⁻⁰^(ε), h³⁻⁰ ^(ε), . . . , h_(l−0) ^(ε)} to the edge proxy.

According to the computing result set Data_(Ai−0) ^(r−ε) from the edgenode, the edge proxy computes a Hash value Data_(Ai−0) ^(h′−ε)={h¹⁻⁰^(ε′), h²⁻⁰ ^(ε′), h³⁻⁰ ^(ε′), . . . , h_(l−0) ^(ε′)} correspondingthereto.

The edge proxy records time t_(B−0) ^(s−ε) when the to-be-collected setis transmitted for the ε^(th) time, time t_(b−0) ^(r−ε) when computingis completed, and time t_(Ai−0) ^(r−ε) when a computing result of anedge node Ai is received, where i represents a number of nodes,i=1,2,K,n. FIG. 5 shows an evidence collection process when the edgeproxy evaluates an initial trust value.

2 Evidence Processing

The edge proxy evaluates whether computing results are trustworthyaccording to accuracy, integrity and timeliness of edge node computingresults, these three parameters are available factors for evaluatingedge node computing results, these factors can be regarded astrustworthy evidence of the edge nodes, and these evidences can be usedto evaluate the edge node computing results objectively. These threedata trust evidences are core dimensions for looking for trustrelationships between data items and trusters.

Before the network operates, the edge proxy computes accuracy, integrityand timeliness of an edge node Ai according to a return result of anedge node Ai to be added. The edge proxy processes the collected data asfollows:

(1) accuracy represents a proportion of the number of correct computingresults to the number of total data; an accuracy computing formula ofevidence collection for the ε^(th) time is as follows:

$\begin{matrix}{E_{{Ai} - \tau}^{{ac} - \varepsilon} - \frac{N_{{Ai} - \tau}^{{ac} - \varepsilon}}{l}} & (1)\end{matrix}$

where is N_(Ai−τ) ^(ac−ε) represents identical number in a result setData_(B−τ) ^(r−ε) computed by the edge proxy in evidence collection forthe ε^(th) time and a result set Data_(Ai−τ) ^(r−ε) computed by the edgenode Ai, ε represents evidence collected for the ε^(th) time, τrepresents trust computing in the τ^(th) round, and l represents a dataamount in evidence collection each time;

(2) integrity represents a proportion of the number of complete data tothe number of total data; an integrity computing formula of evidencecollection for the ε^(th) time is as follows:

$\begin{matrix}{E_{{Ai} - \tau}^{{cm} - \varepsilon} - \frac{N_{{Ai} - \tau}^{{cm} - \varepsilon}}{l}} & (2)\end{matrix}$

where N_(Ai−τ) ^(cm−ε) represents identical number in a result Hashvalue set Data_(Ai−τ) ^(h′−ε) computed by the edge proxy in evidencecollection for the ε^(th) time and a result Hash value set Data_(Ai−τ)^(h−ε) computed by the edge node Ai, ε represents evidence collected forthe ε^(th) time, τ represents trust computing in the τ^(th) round, and arepresents a data amount in evidence collection each time;

(3) timeliness represents a difference between a computing efficiency ofthe edge node Ai and a computing efficiency of the edge proxy; atimeliness computing formula of evidence collection for the ε^(th) timeis as follows:

E _(Ai−τ) ^(tm−ε) =T _(Ai−τ) ^(tm−ε) −T _(B−τ) ^(tm−ε)  (3)

where T_(Ai−τ) ^(tm−ε) represents a computing efficiency of the edgenode in evidence collection for the ε^(th) time; T_(B−τ) ^(tm−ε)represents a computing efficiency of the edge proxy in evidencecollection for the ε^(th) time, and τ represents trust computing in theτ^(th) round.

When the edge proxy evaluates the initial trust value, the edge proxycomputes a computing efficiency

$E_{{Ai} - 0}^{{tm} - \varepsilon} - \frac{t_{{Ai} - 0}^{r - \varepsilon} - t_{B - 0}^{s - \varepsilon}}{l}$

of CN₀ edge nodes and a computing efficiency

$E_{B - 0}^{{tm} - \varepsilon} - \frac{t_{B - 0}^{r - \varepsilon} - t_{B - 0}^{s - \varepsilon}}{l}$

of the edge proxy according to the time t_(B−τ) ^(s−ε) when theto-be-collected set is transmitted for ε^(th) time, the time t_(B−τ)^(r−ε) when computing of the to-be-computed set is completed, and thetime t_(Ai−τ) ^(r−ε) when a computing result of an edge node Ai isreceived, substitutes the results into formula (3), and computes toobtain timeliness of the CN₀, edge nodes Ai.

When evaluating the initial trust value, the edge proxy processesevidence collected for three times by means of formula (1), formula (2)and formula (3), to obtain three values of each of accuracy, integrityand timeliness of the edge nodes Ai to be added, as shown in Table 1.

TABLE 1 Direct Trust Factors of Edge Node Ai Accuracy IntegrityTimeliness The first E_(Ai−0) ^(ac−1) E_(Ai−0) ^(cm−1) E_(Ai−0) ^(tm−1)time The E_(Ai−0) ^(ac−2) E_(Ai−0) ^(cm−2) E_(Ai−0) ^(tm−2) second timeThe third E_(Ai−0) ^(ac−3) E_(Ai−0) ^(cm−3) E_(Ai−0) ^(tm−3) time

3 Initial Trust Evaluation

1) Computing Initial Trust Value

A direct trust value is a quantization value that indicates an abilityof the edge node to complete a request task and is based on aninteractive record history between the edge proxy and the edge node.When the edge proxy computes the initial trust value of the edge node,the edge node is in a to-be-operated state. The edge proxy conductsfuzzy evaluation on direct trust factors of edge nodes to be operatedrespectively, steps of computing direct trust values are as follow:

(a) determining a factor set E={E_(Ai−τ) ^(ac−ε), E_(Ai−τ) ^(cm−ε),E_(Ai−τ) ^(cm−ε)}, and an evaluation set V={V₁, V₂, V₃}, where V₁represents untrustworthiness, V₂ represents uncertainty, and V₃represents trustworthiness; it is stipulated that μ^(un) is anuntrustworthy membership degree, and 0≤μ^(un)<β_(u); μ^(in) is anuncertain membership degree, and β_(u)≤μ^(in)<β_(c); μ^(cr) is atrustworthy membership degree, and β_(c)≤μ_(cr)≤1, where β_(u) isuntrustworthy threshold and β_(c) is trustworthy threshold; the edgeproxy computes membership degrees of accuracy, integrity and timeliness,computing formulae are as follows:

{circle around (1)} computing formula of membership degree of accuracyin evidence collection for the ε^(th) time is as follows:

$\mu_{1 - \tau}^{\varepsilon} = \{ \begin{matrix}{0,} & {E_{{Ai} - \tau}^{{ac} - \varepsilon} = 0} \\{\lbrack {1 + {10( {1 - E_{{Ai} - \tau}^{{ac} - \varepsilon}} )^{2}}} \rbrack^{- 1},} & {0 < E_{{Ai} - \tau}^{{ac} - \varepsilon} \leq 1}\end{matrix} $

{circle around (2)} computing formula of membership degree of integrityin evidence collection for the ε^(th) time is as follows:

$\mu_{2 - \tau}^{\varepsilon} = \{ \begin{matrix}{0,} & {E_{{Ai} - \tau}^{{cm} - \varepsilon} = 0} \\{\lbrack {1 + {10( {1 - E_{{Ai} - \tau}^{{cm} - \varepsilon}} )^{2}}} \rbrack^{- 1},} & {0 < E_{{Ai} - \tau}^{{cm} - \varepsilon} \leq 1}\end{matrix} $

{circle around (3)} computing formula of membership degree of timelinessin evidence collection for the ε^(th) time is

${\mu_{3 - \tau}^{\varepsilon} = \lbrack {1 + {\gamma \times ( E_{{Ai} - \tau}^{{tm} - c} )^{2}}} \rbrack^{1}},{{{where}\gamma} = {\frac{\begin{matrix}{{CPU}{clock}{speed}{of}} \\{{edge}{proxy}}\end{matrix}}{\begin{matrix}{{CPU}{clock}{speed}{of}} \\{{edge}{edge}}\end{matrix}}:}}$

(b) computing proportions of membership degrees corresponding toaccuracy, integrity and timeliness in trust computing in the τ^(h) roundbelonging to V₁, V₂, V₃, which are {r_(11 τ), r_(12 τ), r_(13 τ)},{r_(21 τ), r_(22 τ), r_(23 τ)} and {r_(31 τ), r_(32 τ),r_(33 τ)}respectively, for example,

${r_{11 - \tau} = \frac{N( \mu_{1 - \tau}^{{un} - \varepsilon} )}{{CN}_{\tau}}},$

where N(μ_(1−τ) ^(un−ε) represents the number of accuracy membershipdegrees of CN_(τ) accuracy membership degrees within an untrustworthymembership degree range; the edge proxy obtains a judgment matrix

${R_{\tau} = \begin{bmatrix}r_{11 - \tau} & r_{12 - \tau} & r_{13 - \tau} \\r_{21 - \tau} & r_{22 - \tau} & r_{23 - \tau} \\r_{31 - \tau} & r_{32 - \tau} & r_{33 - \tau}\end{bmatrix}};$

(c) computing weight corresponding to accuracy, integrity and timelinessusing the entropy weight method, the computing steps being as follows:

{circle around (1)} forming a matrix by CN_(τ) membership degreesμ_(1−τ) ^(ε), μ_(2−τ) ^(ε), μ_(3−τ) ^(ε) corresponding to accuracy,integrity and timeliness:

$\begin{bmatrix}\mu_{1 - \tau}^{1} & \ldots & \mu_{1 - \tau}^{\varepsilon} & \ldots & \mu_{1 - \tau}^{{CN}_{\tau}} \\\mu_{2 - \tau}^{1} & \ldots & \mu_{2 - \tau}^{\varepsilon} & \ldots & \mu_{2 - \tau}^{{CN}_{\tau}} \\\mu_{3 - \tau}^{1} & \ldots & \mu_{3 - \tau}^{\varepsilon} & \ldots & \mu_{3 - \tau}^{{CN}_{\tau}}\end{bmatrix};$

{circle around (2)} computing information entropy corresponding toaccuracy, integrity and timeliness:

${E_{j - \tau} = {{- ( {\ln{CN}_{\tau}} )^{- 1}}{\sum_{s - 1}^{{CN}_{\tau}}{( p_{j - \tau}^{\varepsilon} ){\ln( p_{j - \tau}^{\varepsilon} )}}}}},{where}$${p_{j - \tau}^{\varepsilon} = \frac{\mu_{j - \tau}^{\varepsilon}}{\sum_{\varepsilon - 1}^{{CN}_{\tau}}\mu_{j - \tau}^{\varepsilon}}},{( {{j = 1},2,3} );}$

{circle around (3)} computing weight corresponding to accuracy,integrity and timeliness:

${\alpha_{j - \tau} = \frac{1 - E_{j - \tau}}{3 - {\sum_{j = 1}^{3}E_{j - \tau}}}},$

in order to avoid the condition where the weight is zero when the degreeof dispersion of a certain factor is too small, weight rangescorresponding to accuracy, integrity and timeliness are a₁ ∈ [0.5,0.8],a₂∈[0.01,0.2] and a₃ε[0.2,0.4] respectively, where a₁>a₃>a₂; when theweight obtained using the entropy weight method is not within thespecified range, the maximum value or minimum value of the correspondingrange is taken, actual weight is

${\alpha_{j - \tau}^{\prime} = \frac{\alpha_{j - \tau}}{\alpha_{1 - \tau}{❘\alpha_{2 - \tau}❘}\alpha_{3 - \tau}}},{{A_{\tau} = \{ {\alpha_{1 - \tau}^{\prime},\alpha_{2 - \tau}^{\prime},\alpha_{3 - \tau}^{\prime}} \}};}$

(d) computing a judgment result Z_(A−τ)=A_(τ)*R_(τ)={z_(1−τ), z_(2−τ),z_(3−τ)}, there being following three cases:

{circle around (1)} when z_(1−τ) is the maximum, the edge node Ai isuntrustworthy, the edge proxy does not compute an average membershipdegree of accuracy, integrity and timeliness;

{circle around (2)} when z_(2−τ) is the maximum, the edge node Ai isuncertain in trust, the edge proxy computes means of membership degreeswithin a range [β_(u), β_(c)) corresponding to accuracy, integrity andtimeliness, which are

${\overset{\_}{\mu_{1 - \tau}} - \frac{\sum_{\varepsilon - 1}^{{CN}_{\tau}}\mu_{1 - \tau}^{{in} - \varepsilon}}{N( \mu_{1 - \tau}^{{in} - \varepsilon} )}},{\overset{\_}{\mu_{2 - \tau}} - \frac{\sum_{\varepsilon - 1}^{{CN}_{\tau}}\mu_{2 - \tau}^{{in} - \varepsilon}}{N( \mu_{2 - \tau}^{{in} - \varepsilon} )}},{\overset{\_}{\mu_{3 - \tau}} - \frac{\sum_{\varepsilon - 1}^{{CN}_{\tau}}\mu_{3 - \tau}^{{in} - \varepsilon}}{N( \mu_{3 - \tau}^{{in} - \varepsilon} )}},$

where a denominator represents the number of membership degrees of allfactors within the range [β_(u), β_(c)) and a numerator represents thesum of membership degrees of all factors within the range [β_(u),β_(c)); μ_(1−τ) ^(in−ε) is the membership degree of the accuracy of theτ^(th) evidence collection within the range [β_(u), β_(c)), μ_(2−τ)^(in−ε) is the membership degree of the integrity of the τ^(th) evidencecollection within the range [β_(u), β_(c)), μ_(3−τ) ^(in−ε) is themembership degree of the timeliness of the τ^(th) evidence collectionwithin the range [β_(u), β_(c));

{circle around (3)} when z_(3−τ) is the maximum, the edge nodes Ai istrustworthy, the edge proxy computes means of membership degrees withina range [β_(c), 1) corresponding to accuracy, integrity and timeliness,which are

${\overset{\_}{\mu_{1 - \tau}} - \frac{\sum_{\varepsilon - 1}^{{CN}_{\tau}}\mu_{1 - \tau}^{{cr} - \varepsilon}}{N( \mu_{1 - \tau}^{{cr} - \varepsilon} )}},{\overset{\_}{\mu_{2 - \tau}} - \frac{\sum_{\varepsilon - 1}^{{CN}_{\tau}}\mu_{2 - \tau}^{{cr} - \varepsilon}}{N( \mu_{2 - \tau}^{{cr} - \varepsilon} )}},{\overset{\_}{\mu_{3 - \tau}} - \frac{\sum_{\varepsilon - 1}^{{CN}_{\tau}}\mu_{3 - \tau}^{{cr} - \varepsilon}}{N( \mu_{3 - \tau}^{{cr} - \varepsilon} )}},$

where a denominator represents the number of membership degrees of allfactors within the range [β_(c), 1) and a numerator represents the sumof the membership degrees of all factors within the range [β_(c), 1):μ_(1−τ) ^(cr−ε) is the membership degree of the accuracy of the τ^(th)evidence collection within the range [β_(c), 1), μ_(2−τ) ^(cr−ε) is themembership degree of the integrity of the τ^(th) evidence collectionwithin the range [β_(c), 1), μ_(3−τ) ^(cr−ε) is the membership degree ofthe timeliness of the τ^(th) evidence collection within the range[β_(c), 1);

(e) the edge proxy computes a direct trust value Trust_(Ai−τ) ^(cd) ofthe edge node Ai according to the average membership degree of accuracy,integrity and timeliness, and the weight thereof, the computing formulabeing as follows:

Trust_(Ai−τ) ^(cd) =a′ _(1−τ) μ_(1−τ) |a′ _(2−τ) μ_(2−τ) |a′ _(3−τ)μ_(3−τ)   (4)

Since the edge nodes to be operated have no historical trust values andfeedback scores, at this moment, the initial direct trust value is thefinal trust value, and the final trust value before the edge node Aioperates is Trust_(Ai−) ^(u)=Trust_(Ai−0) ^(cd).

2) Computing Trust Identifier

Table 2 is an edge node trust level table in which trust is divided intothree levels, namely an untrustworthy level, an uncertain level and atrustworthy level.

TABLE 2 Trust Level Trust Trust Value Trust Level Description Range 1Untrustworthy [0, β_(u)) 2 Uncertain [β_(u), β_(c)) 3 Trustworthy[β_(c), 1]

A threshold of the untrustworthy level is β_(u), a threshold of thetrustworthy level is β_(c), 0<β_(u)<β_(c)≤1, andβ_(c)=[1+10(ER_(Ai))²]⁻¹, β_(u)=β_(c)−0.2, where ER_(Ai) represents anerror rate of computing errors allowed to be caused by each edge node Aiin an industrial production environment occasionally due to mistake,0≤ER_(Ai)<30%, the greater the β_(u) and β_(c), the sensitive the systemto incorrect computing results. The security administrator sets an errorrate of errors allowed to be caused by each edge node in an industrialproduction environment, and the edge proxy computes corresponding β_(u)and β_(c) according to the error rate, as shown in Table 3.

TABLE 3 Values of β_(u), β_(c) (give an example) Error rate • β_(u)β_(c) 0 0.80 1.00 10% 0.70 0.90 20% 0.51 0.71

The edge proxy computes a trust identifier of an edge node Ai to beoperated according to a judgment result, the rules are as follows:

(a) for an edge node of which the trust value level is a trustworthylevel, in order to prevent a malicious node from cheating trust, theedge proxy replaces a trust value of the edge node with a trustworthylevel with

$\frac{\beta_{3\varepsilon} + \beta_{c}}{2},$

that is, degrades the edge node with a trustworthy level to an edge nodewith an uncertain level;

(b) for an edge node of which the trust value level is an uncertainlevel, the edge proxy allocates a trust identifier TI_(Ai−0)=1 of aninitial trust value to the edge node, computes valid time TI_(Ai−0) ^(v)of the initial trust identifier according to formula (5), and storesinitial trust associated information locally according to a datastructure in Table 4;

a computing formula of the valid time T_(Ai−0) ^(v) of the trustidentifier of the initial trust value is as follows:

T _(Ai−0) ^(v)=5i×CN ₀× T _(Ai−0) ×l+5ΔT  (5)

where i represents a number of on-line edge nodes, CN₀ represents anumber of times of evidence collection in initial trust evaluation,T_(Ai−0) represents an average computing efficiency

$T_{{Ai} - 0} = \frac{\sum_{s = 1}^{{CN}_{0}}T_{{Ai} - 0}^{{tn} - \varepsilon}}{{CN}_{n}}$

of edge nodes Ai, I represents a data amount of evidence collection eachtime, ΔT represents a time interval between trust updates, and the validtime is in second; if a trust identifier of an edge node is expired, theedge proxy lists the edge node in a blacklist;

TABLE 4 Initial Trust Associated Data of Edge Node Ai Accuracy IntegrityTimeliness Node membership membership membership Initial identity degreedegree degree trust Trust Valid Time identifier mean mean mean valueidentifier time t₀ ID_(Al) μ₁₋₀ μ₂₋₀ μ₃₋₀ Trust_(Ai-0) 

TI_(Ai-0) T_(Ai-0) ^(v)

indicates data missing or illegible when filed

(c) for an edge node of which the trust level is an untrustworthy level,that is, an edge node of which the z_(1−τ) is the maximum, to avoidevaluation errors, the edge proxy repeats the above-mentioned steps ofevidence collection, evidence processing and trust evaluation toevaluate the initial trust value thereof twice, if the trust value isstill untrustworthy after being evaluated twice, reports to the securityadministrator to replace the edge node, and computes an initial trustvalue of the replaced edge node to be added.

The edge proxy transmits the trust identifier to a site device, the sitedevice checks the trust identifier of the edge node to be operated andtransmits data to an edge node with a trust identifier greater than 0,and then the edge node is in an operating state.

1.1.2 After Network Operation

1 Evidence Collection

After a network operates for ΔT time, the edge proxy initiates an updatetrust request to the site device, the edge proxy starts to collect thecollected data of the site device, a computing result of the edge nodeand a Hash value thereof, and a feedback score from the site device,records response time and a historical direct trust value of the edgenode. After the edge proxy initiates the trust update request, the edgeproxy conducts each evidence collection in following two cases:

case 1: the edge node directly returns the computing result to the sitedevice, and the site device transmits the computing result of the edgenode and the Hash value thereof to the edge proxy; as shown in FIG. 6;and

case 2: after preliminary computing, the edge node transmits thecomputing result and the Hash value thereof to the edge proxy, the edgeproxy collects evidence and uploads the computing result of the edgenode, trust identifier and signature to an industrial cloud, theindustrial cloud checks the trust identifier of the edge node andverifies the signature and then further processes a preliminarycomputing result of the edge node, the industrial cloud transmits thecomputing result and the signature to the edge proxy, the edge proxyverifies the signature and then transmits the computing result to thesite device, as shown in FIG. 7.

The edge proxy collects evidence data in the above two cases, andcollects l evidence data as one evidence collection; each round of trustupdate requires evidence collection for CN_(τ) times, and the edge nodeis in an operating state at this moment; the edge proxy records thenumber of times of evidence collection with ε(ε=1, 2, . . . , CN_(τ));during the τ^(th) round of trust update, the edge proxy collectsevidence for CN_(τ) times and then conducts evidence processing andtrust update operations; a time interval between every two rounds oftrust updates is ΔT; a computing formula of the number of times ofevidence collection CN_(τ) required for the τ^(th) round of trust updateis specified as follows:

CN _(τ)=[6×arctan[0.5×TI _(Ai−(τ−1)]])  (6)

The edge proxy computes the number of times of evidence collectionCN_(τ), required for the τ^(th) round of trust update according to thetrust identifier of the (τ−1)^(th) time; the edge proxy rapidly updatesthe trust value of the edge node when the trust identifier is small andthe number of times of evidence collection is less; at the initial stageof network operation, the number of times of evidence collectionincreases with the increase of the number of trustworthy times, in orderto update the trust value in time and reduce trust computing amount, thenumber of times of evidence collection cannot be infinitely increased,and the maximum value of the number of times of evidence collection

${{CN}_{\tau}{is}\lceil {6 \times \frac{\pi}{2}} \rceil} = 10.$

1) Direct Trust Factor Collection

The site device transmits the collected data a_(0−τ) ^(ε) to the edgeproxy and the edge node Ai simultaneity, the site device transmits apiece of data every Δt, and the edge proxy and the edge node startprocessing after receiving the second collected data; the edge proxyprocesses a computing result of the data collected in two consecutivetimes as b_(ϑ−τ) ^(ε), the edge node Ai processes a computing result ofthe data collected in two consecutive times as c_(ϑ−τ) ^(ε), ϑrepresents a serial number of evidence collected in each evidencecollection, (ϑ=1, 2, . . . , l); during each evidence collection, thesite device needs to transmit (l|1) data, and the data transmitted bythe site device form a set Data_(D−τ) ^(c−ε)={a_(0−τ) ^(ε), a_(1−τ)^(ε), a_(2−τ) ^(ε), . . . , a_(l−τ) ^(ε)}.

At t_(τ), the edge proxy starts the τ^(th) round of trust update, theedge proxy collects evidence for CN_(τ) times in total, l data evidencecollected for the ε^(th) time including a computing result Data_(B−τ)^(r−ε)={b_(1−τ) ^(ε), b_(2−τ) ^(ε), . . . , b_(ϑ−τ) ^(ε), . . . ,b_(l−τ) ^(ε)} of the edge proxy, a computing result Data_(Ai−τ)^(r−ε)={c_(1−τ) ^(ε), c_(2−τ) ^(ε), . . . , c_(ϑ−τ) ^(ε), . . . ,c_(l−τ) ^(ε)} of the edge node Ai and a Hash value Data_(Ai−τ)^(h−ε)={h_(1−τ) ^(ε), h_(2−τ) ^(ε), . . . , h_(ϑ−τ) ^(ε), . . . ,h_(l−τ) ^(ε)} thereof, and a corresponding Hash value Data_(Ai−τ)^(h′−ε)={h_(1−τ) ^(ε′), h_(2−τ) ^(ε′), . . . , h_(ϑ−τ) ^(ε′), . . . ,h_(l−τ) ^(ε)} computed by the edge proxy according to the computingresult set Data_(Ai−τ) ^(r−ε) of the edge node Ai; the edge proxyrecords time t_(B+τ) ^(s−ε) of transmitting the first data by the sitedevice when collecting evidence for the ε^(th) time, time t_(B−τ) ^(r−ε)of computing the l^(th) result by the edge proxy, and time t_(Ai−τ)^(r−ε) of computing the l^(th) result by the edge node Ai. FIG. 8 showsa process of evidence collection in the τ^(th) round of trust update.

2) Historical Direct Trust Value Collection

Because trust dynamically changes with time, in order to avoid maliciousacts, the edge proxy uses a historical direct trust value to correct adirect trust value, so the direct trust value is more accurate.Therefore, the edge proxy uses a sliding window to store the historicaldirect trust value so as to reduce the influence of the old direct trustvalue on the new direct trust value. Each edge node has a slidingstorage window, the larger the window, the more the storage andcomputing overhead, so a short and small sliding storage window caneffectively limit the amount of trust computing and improve theefficiency of trust evaluation.

As shown in FIG. 9, the sliding storage window includes u panes, eachpane retains a historical direct trust value, that is, a direct trustvalue before the τ^(th) round of trust update is stored in the slidingstorage window; a direct trust value stored in the k pane isTrust_(Ai−(τ−u+k−1) ^(cd); only when each pane has a direct trust value,the window begins to move, and moves one pane every time; a new directtrust value is added into the window after the trust is updated, whilean expired direct trust value is extruded out of the window; during theτ^(th) round of trust update, direct trust values from the (τ−u)^(th)round of trust update to the (τ−1)^(th) round of trust update are storedin the window, and a direct trust value of the τ^(th) round is stored inthe sliding storage window after the τ^(th) round of trust update; whena trust identifier of the edge node Ai is equal to 0, the edge node isregarded as a malicious node, and the edge proxy deletes a slidingstorage window thereof

3) Feedback Score Collection

The edge proxy updates a final trust value of an edge node in anoperating state and also needs to take into account a feedback scoregiven to a computing result of the edge node by the site device; a ruleof giving scores to edge nodes by the site device is as follows: if asafety accident occurs, the site device feeds back d_(ϑ τ) ^(ε)=−1regardless whether a trust update is being conducted, and the edge proxylists an edge node corresponding to the feedback score in a blacklist;otherwise, the site device feeds back scores given to computing results:bad review d_(ϑ−τ) ^(ε)=0 and good review d_(ϑ−τ) ^(ε)=1.

The site device feeds back the scores given to the computing results tothe edge proxy, during the τ^(th) round of trust update, the edge proxycollects for CN_(τ) times and collects l feedback scores each time, anda feedback score collected by the edge proxy for the ε^(th) time isData_(Ai−τ) ^(f−ε)−{d_(1−τ) ^(ε), d_(2−τ) ^(ε), . . . , d_(ϑ−τ) ^(ε), .. . , d_(l−τ) ^(ε)} including scores given, by the site device, tocomputing results directly returned by v edge nodes to the site deviceand scores given, by the site device, to computing results transmittedby (l−v) edge nodes to the industrial cloud for processing and thenreturned to the site device; a proxy signature based on elliptic curveis used to make the communication between the edge nodes and theindustrial cloud trustworthy, no matter the computing results receivedby the site device come from the edge nodes or the industrial cloud, theobjects to which the site device feeds back scores are edge nodes.

2 Evidence Processing

1) Direct Trust Factor Processing

After collecting evidence for CN_(τ) times, the edge proxy respectivelycomputes accuracy, integrity and timeliness of an edge node Ai duringeach evidence collection in the τ round of trust update;

(a) the edge proxy computes accuracy of the edge node Ai according toformula (1);

(b) the edge proxy computes integrity of the edge node Ai according toformula (2);

(c) according to the time t_(D−τ) ^(s−ε) of transmitting the first databy the site device when collecting evidence for the ε^(th) time, thetime t_(D−τ) ^(r−ε) of computing the l^(th) result by the edge proxy,and the time t_(Ai−τ) ^(r−ε) of computing the l^(th) result by the edgenode Ai, the edge proxy computes a computing efficiency

$T_{{Ai} - \tau}^{{tm} - \varepsilon} = \frac{t_{{Ai} - \tau}^{r - \varepsilon} - t_{D - \tau}^{s - \varepsilon}}{l}$

of the edge node and a computing efficiency

$T_{B - \tau}^{{tm} - \varepsilon} = \frac{t_{B - \tau}^{r - \varepsilon} - t_{D - \tau}^{s - \varepsilon}}{l}$

of the edge proxy, substitutes T_(Ai−τ) ^(in−ε), T_(B−τ) ^(tm−ε) intoformula (3), and compute timeliness of the edge node Ai.

When conducting the τ^(th) round of trust update, the edge proxyprocesses the collected direct trust factors by means of formula (1),formula (2) and formula (3), to obtain CN_(τ) values of each ofaccuracy, integrity and timeliness of an edge node Ai to be examined, asshown in Table 5.

TABLE 5 CN_(τ) Direct Trust Factors of Edge Node Ai Accuracy IntegrityTimeliness The first E_(Ai−τ) ^(ac−1) E_(Ai−τ) ^(cm−1) E_(Ai−τ) ^(tm−1)time The second E_(Ai−τ) ^(ac−2) E_(Ai−τ) ^(cm−2) E_(Ai−τ) ^(tm−2) time. . . . . . . . . . . . The ε time E_(Ai−τ) ^(ac−ε) E_(Ai−τ) ^(cm−ε)E_(Ai−τ) ^(tm−ε) . . . . . . . . . . . . The CN_(τ) E_(Ai−τ) ^(ac−CNτ)E_(Ai−τ) ^(cm−CNτ) E_(Ai−τ) ^(tm−CNτ) time

2) Historical Trust Value Processing

Because the latest trust value has more influence than the previoustrust value, for weight factors of historical direct trust values atdifferent time, there is a need to take into account a time factor, thatis, the longer the time of the trust value, the lower the proportion. Aweight of the k^(th) pane of the sliding storage window is:

φ_(k−c) ^(∓ρ(c−k))  (7)

where ρ represents an attenuation coefficient which is 0.3; if thesliding storage window is not fully stored, u is the number of actualhistorical direct trust values;

according to the historical direct trust value and weight thereof in thesliding storage window, the edge proxy computes a weighted averagehistorical trust value Trust_(Ai−τ) ^(hd) of the edge node Ai in theτ^(th) round of trust update;

$\begin{matrix}{{Trust}_{{Ai} - \tau}^{lui} = \frac{\sum_{R = 1}^{u}{\varphi_{k} \times {Trust}_{{Ai} - {({\varepsilon - u + k - 1})}}^{cd}}}{\sum_{k = 1}^{u}\varphi_{k}}} & (8)\end{matrix}$

3) Feedback Score Processing

For an edge node with a feedback score of −1, the security administratorreplaces the edge node with an edge node to be added, and the edge proxyrepeats an initial trust value computing step, to evaluate an initialtrust value of the edge node to be added.

According to the feedback score, the edge proxy computes reward andpenalty factors of the edge node Ai in the τ^(th) round of trust update;and according to a difference ΔN_(Ai−τ) ^(ε)=N_(Ai−τ)^(g−ε)−[l×(1−ER_(Ai))] between the total number of times of good reviewN_(Ai−τ) ^(g ε) during evidence collection for the ε^(th) time and theminimum required number of correct computing results, the edge proxycomputes a reward factor E_(Ai−τ) ^(g−ε) and a penalty factor E_(Ai−τ)^(b−ε) corresponding to the evidence collection for the ε^(th) time,where N_(Ai−τ) ^(g−ε)=Σ_(ϑ=1) ^(l)d_(ϑ−τ) ^(ε), ER_(Ai) is the errorrate that the edge node is allowed to calculate in an industrialproduction environment.

If ΔN_(Ai−τ) ^(ε)≥0, the reward factor and penalty factor correspondingto the evidence collection for the ε^(th) time are E_(Ai−τ)^(g−ε)=0.3└(1+e^(−ΔN) ^(Ai−τ) ^(ε) )⁻¹−0.5┘ and E_(Ai−τ) ^(b−ε)=0respectively; otherwise, the reward factor and penalty factorcorresponding to the evidence collection for the ε^(th) time areE_(Ai−τ) ^(g ε)=0 and E_(Ai−τ) ^(b−ε)=0.4[(1+e^(ΔN) ^(Ai−τ) ^(ε))⁻¹−0.5] respectively; the reward degree is small and the penalty degreeis large, which reflects the characteristic that the trust value isslowly increased and quickly decreased. The edge proxy computes a finalreward or penalty factor E_(Ai−τ) ^(f) according to the reward andpenalty factors in the ε^(th) round of trust update:

$\begin{matrix}{E_{{Ai} - \tau}^{f} = \{ \begin{matrix}{0,} & {{\exists d_{\vartheta - \tau}^{\varepsilon}} = {- 1}} \\{\frac{\sum_{\varepsilon = 1}^{{CN}_{i}}\lbrack {E_{{Ai} - \tau}^{\vartheta - \varepsilon} + E_{{Ai} - \tau}^{b - \varepsilon}} \rbrack}{{CN}_{\tau}},} & {\forall{d_{\vartheta - \tau}^{\varepsilon} \neq 1}}\end{matrix} } & (9)\end{matrix}$

Good feedback from the field device increases the trust value of theedge node Ai and bad feedback rapidly decreases the trust value of theedge node Ai; if there is safety accident feedback from the site device,E_(Ai−τ) ^(f) appears as a penalty factor, E_(Ai−τ) ^(f)=0; if there isno safety accident feedback, E_(Ai−τ) ^(f)>0 represents reward, E_(Ai−τ)^(f)<0 represents penalty, and E_(Ai−τ) ^(f)−0 represents neither rewardnor penalty.

3 Trust Update

According to the direct trust value, historical trust value and feedbackscores, the edge proxy updates the trust value of the edge node, theedge node is in a to-be-examined state at this moment.

Since an insider attack occurs at a given time, a trust evaluationmechanism does not require too frequent trust updates, moreover,frequent trust updates take up more transmission and computingresources. A time interval between every two rounds of trust update isΔT.

1) Computing Direct Trust Value

The edge proxy repeats the step of computing a direct trust value whenevaluating initial trust, and computes a direct trust value Trust_(Ai−τ)^(cd) of the edge node Ai to be examined of which the judgment result istrustworthy or uncertain in the τ^(th) round of trust update by means offormula (4); for an edge node to be examined of which the judgmentresult is untrustworthy, the edge proxy directly lists the edge node ina blacklist.

2) Correcting Direct Trust Value

Before computing the final trust value, the edge proxy needs to correctthe direct trust value by using the weighted average historical directtrust value; the edge proxy weights and aggregates Trust_(Ai−τ) ^(cd)and Trust_(Ai−τ) ^(hd) of the edge node Ai to obtain a corrected directtrust value Trust_(Ai−τ) ^(d) of the edge node Ai in the τ^(th) round oftrust update:

Trust_(Ai−τ) ^(d)=δTrust_(Ai−τ) ^(cd)+(1−δ)×Trust_(Ai−τ) ^(hd)  (10)

where δ is used to balance proportions of current trust and historicaltrust, and δ is defined as follows:

$\begin{matrix}{\delta = \{ \begin{matrix}{\delta_{1},} & {{Trust}_{{Ai} - \tau}^{cd} \geq {Trust}_{{Ai} - \tau}^{hd}} \\{\delta_{2},} & {{Trust}_{{Ai} - \tau}^{cd} < {Trust}_{{Ai} - \tau}^{hd}}\end{matrix} } & (11)\end{matrix}$

where 0<δ₁<δ₂<1, it is specified that δ₁=0.3, δ₂=0.7, the value of δ₁ issmall, to prevent the edge node from accumulating trust thereof quickly,and the value of δ₂ is large, which reflect a penalty for a maliciousact of the edge node.

3) Updating Final Trust Value

According to the reward or penalty factor computed in formula (9), theedge proxy computes a final trust value of the edge node to be examined.

A computing formula of the final trust value Trust_(Ai−τ) ^(u) of theedge node Ai in the τ^(th) round of trust update is as follows:

$\begin{matrix}{{Trust}_{{Ai} - \tau}^{u} = \{ \begin{matrix}{{E_{{Ai} - \tau}^{f} \times {Trust}_{{Ai} - \tau}^{d}},} & {{\exists d_{\vartheta - \tau}^{\varepsilon}} = {- 1}} \\{{E_{{Ai} - \tau}^{f} + {Trust}_{{Ai} - \tau}^{d}},} & {\forall{d_{\vartheta - \tau}^{\varepsilon} \neq {- 1}}}\end{matrix} } & (12)\end{matrix}$

If a certain feedback score is −1, the final trust value of the edgenode Ai in the τ^(th) round of trust update is equal to 0; otherwise,the final trust value of the edge node Ai in the τ^(th) round of trustupdate is equal to a corrected direct trust value of the edge node Aiplus a reward or penalty factor.

4) Computing Trust Identifier

After trust update, the edge proxy compares the final trust value of theedge node to be examined with a trust threshold (trust critical value)in Table 2-trust level table, and then computes a trust identifier ofthe edge node Ai according to the judgment result and the final trustvalue, rules are as follows:

(a) for an edge node of which the trust value level is a trustworthylevel, the edge proxy computes a trust identifier TI_(Ai−τ) thereofaccording to formula (13), computes valid time T_(Ai−τ) ^(v) of thetrust identifier according to formula (14), and then stores trustassociated information thereof locally according to a data structure inTable 6;

a specific computing formula of the trust identifier of the edge node Aiin the τ^(th) round of trust update is as follows:

$\begin{matrix}{{TI}_{{Ai} - \tau} = \{ \begin{matrix}{0,} & {{Trust}_{{Ai} - \tau}^{d} < \beta_{u}} \\{{TI}_{{Ai} - {({\tau - 1})}},} & {\beta_{u} \leq {Trust}_{{Ai} - \tau}^{d} < \beta_{c}} \\{{{TI}_{{Ai} - {({\tau - 1})}} + 1},} & {{Trust}_{{Ai} - \tau}^{d} \geq \beta_{c}}\end{matrix} } & (13)\end{matrix}$

a computing formula of the valid time T_(Ai−τ) ^(v) of the trustidentifier of the trust value is as follows:

T _(Ai−τ) ^(v)=6 ×CN _(τ) ×l×( T _(Ai−τ) +Δt)+TI _(Ai−τ) ×ΔT  (14)

where CN_(τ) represents a number of times of evidence collectionrequired in the τ^(th) round of trust update, l represents a data amountof evidence collection each time, T_(Ai−τ) represents an averagecomputing efficiency

$\overset{\_}{T_{{Ai} - \tau}} = \frac{\sum\limits_{\varepsilon = 1}^{{CN}_{\tau}}T_{{Ai} - \tau}^{{tm} - \varepsilon}}{{CN}_{\tau}}$

of edge nodes Ai, Δt represents a time interval at which the site devicetransmits data, ΔT represents a time interval between trust updates, andthe valid time is in second; if a trust identifier of an edge node isexpired, the edge proxy lists the edge node in a blacklist.

TABLE 6 Trust Associated Data of Edge Node Ai Accuracy IntegrityTimeliness Node membership membership membership Corrected Reward Finalidentity degree degree degree direct trust and trust Trust Valid Timeidentifier mean mean mean value penalty value identifier time t_(τ)ID_(Al) μ_(1-τ) μ_(2-τ) μ_(3-τ) Trust_(Ai-τ) ^(d) E_(Ai-τ) ^(f)Trust_(Ai-τ) ^(u) TI_(Al-τ) T_(Ai-τ) 

indicates data missing or illegible when filed

(b) For an edge node of which the trust level is an uncertain level, atrust identifier thereof is unchanged; the edge proxy checks the trustidentifier thereof, and if the number of times of continuous equality ofthe trust identifier is less than 3, the edge proxy allows the edge nodeto operate; otherwise, the edge proxy lists the edge node in ablacklist, and then the edge node is in an isolation state.

(c) For an edge node of which the trust level is an untrustworthy level,the edge proxy lists the edge node in a blacklist directly, and then theedge node is in an isolation state; the edge proxy broadcasts identityinformation about the edge node in the blacklist and a trust identifier0 thereof, and reports to the security administrator to replace the edgenode; after the security administrator replaces the isolated edge nodewith an edge node to be added, the edge proxy repeats an initial trustvalue computing step, to evaluate an initial trust value of the edgenode to be added.

The edge proxy transmits the trust identifier to the site device, thesite device decides whether to transmit data according to the trustidentifier of the edge node, and transmits data to an edge node with atrust identifier greater than 0 rather than to an edge node with a trustidentifier equal to 0.

After ΔT time, the edge proxy repeatedly executes the steps of evidencecollection, evidence processing and trust update, and so on, as shown inFIG. 3.

1.2 Example

Before the network operates, this solution sets parameters, as shown inTable 7.

TABLE 7 Parameter Values Data amount l in evidence collection each 10time Time interval Δt at which site device 1 transmits data Averagecomputing time T_(Ai−τ) of edge 0.01 nodes Ai Number u of panes ofsliding storage 10 window Time interval ΔT between trust updates 10

As shown in FIG. 1, for three edge nodes A1, A2, A3 to be added in theindustrial network, these three edge nodes respectively transmit theirown identity information to the edge proxy for registration. Thesecurity administrator sets allowable error rates of these three edgenodes to be 10%, 15% and 20% respectively, and trust thresholds of theedge nodes A1, A2, A3 are shown in Table 8.

TABLE 8 Trust Thresholds of Edge Nodes A1, A2, A3 Trust Trust Value NodeError rate Description Range A1 10% Untrustworthy [0, 0.70) Uncertain[0.70, 0.90) Trustworthy [0.90, 1] A2 15% Untrustworthy [0, 0.61)Uncertain [0.61, 0.81) Trustworthy [0.81, 1] A3 20% Untrustworthy [0,0.51) Uncertain [0.51, 0.71) Trustworthy [0.71, 1]

Before the network operates, the edge proxy transmits a to-be-computeddata set with a data amount of 10 to the edge nodes A1, A2, A3respectively at t₀ for three times. After the edge proxy processesevidence, the judgment results of the edge nodes A1, A2, A3 are shown inTable 9. Initial trust values of the edge nodes A1, A2 and A3, trustidentifiers and valid time thereof are shown in Table 10.

TABLE 9 Three Evidence Processing and Judgment Results of Edge Nodes A1,A2, A3 A1 A2 A3 Accuracy Integrity Timeliness Accuracy IntegrityTimeliness Accuracy Integrity Timeliness membership membershipmembership membership membership membership membership membershipmembership degree degree degree degree degree degree degree degreedegree μ₁₋₀ ^(ε) μ₂₋₀ ^(ε) μ₃₋₀ ^(ε) μ₁₋₀ ^(ε) μ₂₋₀ ^(ε) μ₃₋₀ ^(ε) μ₁₋₀^(ε) μ₂₋₀ ^(ε) μ₃₋₀ ^(ε) The first 1 1 0.91 0.90 1 0.86 0.38 0.52 0.67time The 0.90 1 0.91 0.71 0.90 0.63 0.38 0.52 0.55 second time The third1 1 0.86 0.52 1 0.63 0.28 0.71 0.50 time Judgment matrix$\begin{bmatrix}0 & 0 & 1 \\0 & 0 & 1 \\0 & 0.33 & 0.66\end{bmatrix}$ $\begin{bmatrix}0.33 & 0.33 & 0.33 \\0 & 0 & 1 \\0 & 0.66 & 0.33\end{bmatrix}$ $\begin{bmatrix}1 & 0 & 0 \\0 & 0.66 & 0.33 \\0.33 & 0.66 & 0\end{bmatrix}$ Weight 0.77 0.01 0.22 0.66 0.03 0.31 0.52 0.20 0.28 A₀Judgment {0, 0.07, 0.92} {0.21, 0.42, 0.35} {0.61, 0.31, 0.06} resultTrustworthy Uncertain Untrustworthy Z_(A1-0)

TABLE 10 Initial Trust Associated Information of Edge Nodes A1, A2, A3Node Accuracy Integrity Timeliness identity membership membershipmembership Initial trust Trust Valid identifier degree degree degreevalue identifier time ID_(Ai) mean μ₁₋₀ mean μ₂₋₀ mean μ₃₋₀ Trust_(Ai-0)^(u) TI_(Ai-0) T_(Ai-0) ^(v) ID_(A1) 0.96 1 0.91 0.94 (0.80) 1 55ID_(A2) 0.71 0.96 0.63 0.75 1 55 ID_(A3) — — — — — — NOTE: the edgeproxy degrades the trust level of A1 to an uncertain level.

The initial trust value of A1 is greater than 0.9, in order to prevent amalicious node from cheating trust, the edge proxy replaces the trustvalue of A1 with 0.8, and transmits a trust identifier TI_(A1−0)−1 tothe site device. The trust level of A2 is an uncertain level, the edgeproxy allocates a trust identifier TI_(A2−0)−1 to same, and transmitsthe trust identifier to the site device. The judgment result of A3 isuntrustworthy, then, the edge proxy repeats steps of evidencecollection, evidence processing and initial trust evaluation twice.Since the judgment result is untrustworthy, A3 is a malicious or failededge node, the identity information of A3 and a trust identifierTI_(A3−0)=0 thereof are broadcast, and are reported to the safetyadministrator for replacement.

The edge proxy evaluates an initial trust value of a replaced edge nodeA3′ to be added, the initial trust value of the edge node A3′ is 0.65which is greater than 0.51, the trust level is an uncertain level, theedge proxy allocates a trust identifier TI_(A3′−0)=1 to the edge nodeand transmits the trust identifier to the site device, and the sitedevice receives the trust identifier and then transmits data to the edgenode.

After the network operates for 10s, the edge proxy initiates a trustupdate request to the site device, and the site device transmits thecollected data to the edge node and the edge proxy simultaneously. Theedge proxy starts the first round of trust update, the evidence of theedge node A1, A2, A3′ needs to be collected for three times and theamount of data collected each time is 10. After the first round of trustupdate for 10s, a second round of trust update is conducted. After tworounds of trust update, the final trust values of the edge nodes A1, A2,A3′ in each round of trust update are shown in Table 11.

TABLE 11 Updated Final Trust Associated Information about A1, A2, A3′Number of times Node of Direct Corrected identity evidence trust directtrust Penalty or Final trust Trust Valid Time identifier collectionvalue value reward value identifier time t_(τ) ID_(Ai) CN_(τ)Trust_(Ai-τ) 

Trust_(Ai-τ) ^(d) E_(Ai-τ) ^(f) Trust_(Ai-τ) ^(u) TI_(Ai-τ) T_(Ai-τ) 

t₁ ID_(A1) 3 0.93 0.85 −0.04 0.81 1 192 ID_(A2) 3 0.90 0.79 0.06 0.85 2202 ID_(A3′) 3 0.85 0.71 0 0.71 2 202 t₂ ID_(A1) 5 0.84 0.84 0.01 0.85 1(0) — ID_(A2) 5 0.70 0.73 0.09 0.82 3 333 ID_(A3′) 5 0.88 0.79 0.03 0.823 333

indicates data missing or illegible when filed

Because trust identifiers of A1 are equal for three consecutive times,the edge proxy regards A1 as a malicious node; the edge proxy broadcastsidentity information about A1 and the trust identifier 0 thereof, andreports to the security administrator for replacement. After the safetyadministrator replaces A1 with A1′, the edge proxy evaluates an initialtrust value thereof, and the edge proxy updates final trust values ofA2, A3′ after evaluating the initial trust value of A1′ Evaluationresults when updating to the fourth round are shown in Table 12.

TABLE 12 Updated Final Trust Associated Information about A1, A2, A3′Number of times Node of Corrected identity evidence Direct trust directtrust Penalty or Final trust Trust Valid Time identifier collectionvalue value reward value identifier time t_(τ) ID_(Ai) CN_(t)Trust_(Ai-τ) ^(cd) Trust_(Ai-τ) ^(d) E_(Ai-τ) ^(f) Trust_(Ai-τ) ^(u)TI_(Ai-τ) T_(Ai-τ) ^(v) t₂ ID_(A1) 3 0.96 — — 0.96 1  55 ID_(A2) 6 0.830.78 0.06 0.84 4 404 ID_(A3′) 6 0.81 0.83 −0.04 0.79 4 404 t₄ ID_(A1) 30.99 0.97 −0.04 0.93 2 202 ID_(A2) — — — −1 0 0 — ID_(A3′) 7 0.91 0.840.11 0.95 5 474 NOTE: the computing result of A2 leads to a safetyaccident in industrial production.

During the fourth round of trust update, a score given by the sitedevice to A2 is −1, so the edge proxy regards A2 as a malicious node.The edge proxy broadcasts identity information about A2 and the trustidentifier 0 thereof, and reports to the security administrator forreplacement. After the safety administrator replaces A2 with A2′, theedge proxy evaluates an initial trust value thereof first. The edgeproxy updates final trust values of A1′, A3′ after evaluating theinitial trust value of A2′. Evaluation results in the fifth round oftrust update are shown in Table 13.

TABLE 13 Final Trust Associated Information about Edge Nodes A1′, A2′,A3′ after Fifth Round of Trust Update Number of Node times of Correctedidentity evidence Direct trust direct trust Penalty or Final trust TrustValid Time identifier collection value value reward value identifiertime t₅ ID_(Ai) CN₅ Trust_(Ai-5) ^(cd) Trust_(Ai-5) ^(d) E_(Ai-5) ^(f)Trust_(Ai-5) ^(u) TI_(Ai-5) T_(Ai-5) ^(v) t₅ ID_(A2′) 3 0.91 — — 0.91 1 55 ID_(A1′) 3 0.96 0.96 0 0.96 2 302 ID_(A3′) 8 0.87 0.85 0.06 0.91 6545

When trust update is conducted to the tenth round, the historical directtrust values of A1′ stored in the sliding window in the edge proxy areshown in Table 14. After the fifth round of trust update, the directtrust values of A1′ are not updated.

TABLE 14 Sliding Storage Window of Edge Node A1′ 1 2 3 4 5 6 7 8 9 100.96 0.99 0.96

At this moment, the historical direct trust values of A2′ stored in thesliding window in the edge proxy are shown in Table 15. Weightscorresponding to the first to the fifth panes are 0.30, 0.40, 0.54,0.74, and 1.00 respectively, and a sum of the weights is 2.98. The edgeproxy weighted averages the historical direct trust values, obtainingTrust_(A2′−10) ^(hd)=0.88.

TABLE 15 Sliding Storage Window of Edge Node A2′ 1 2 3 4 5 6 7 8 9 100.91 0.87 0.83 0.89 0.93

At this moment, the historical direct trust values of A3′ stored in thesliding window in the edge proxy are shown in Table 16. Weightscorresponding to all panes are 0.06, 0.09, 0.12, 0.16, 0.22, 0.30, 0.40,0.54, 0.74 and 1.00 respectively, and a sum of the weights is 3.63. Theedge proxy weighted averages the historical direct trust values,obtaining Trust_(A3′−10) ^(hd)=0.87.

TABLE 16 Sliding Storage Window of Edge Node A3′ 1 2 3 4 5 6 7 8 9 100.65 0.85 0.88 0.81 0.91 0.87 0.83 0.89 0.93 0.85

Results in the tenth round of trust update are shown in Table 17.

TABLE 17 Final Trust Associated Information about Edge Nodes A1′, A2′,A3′ Number of Node times of Corrected identity evidence Direct trustdirect trust Penalty or Final trust Trust Valid Time identifiercollection value value reward value identifier time t₁₀ ID_(Ai) CN₁₀Trust_(Ai-10) ^(cd) Trust_(Ai-10) ^(d) E_(Ai-10) ^(f) Trust_(Ai-10) ^(u)TI_(Ai-10) T_(Ai-10) ^(v) t₁₀ ID_(A2′) 8 0.91 0.88 0.06 0.94 6 545ID_(A1′) — — — — 0.96 — 0 ID_(A3′) 9 0.84 0.85 −0.01 0.84 11 655

After the fifth round of trust update, the trust identifier of the edgenode A1′ is expired, however, the trust value thereof is still notupdated, the edge proxy regards A1′ as a malicious node or failed node,lists same in a blacklist, broadcasts the identity and trust identifier0 thereof, and reports to the safety administrator for replacement.

In conclusion, an edge node is a malicious or failed node in followingfour cases:

(1) a judgment result of the edge node is untrustworthy;

(2) trust identifiers for three consecutive times of the edge node areequal;

(3) a site device feeds back a safety incident; and

(4) the trust identifier of the edge node is expired.

Finally, it should be noted that the above embodiments are only used fordescribing, rather than limiting the technical solution of the presentinvention. Although the present invention is described in detail withreference to the preferred embodiments, those ordinary skilled in theart shall understand that the technical solution of the presentinvention can be amended or equivalently replaced without departing fromthe purpose and the scope of the technical solution. The amendment orequivalent replacement shall be covered within the scope of the claimsof the present invention.

1. A judgment method for edge node computing result trustworthinessbased on trust evaluation, characterized in that: the method comprisesfollowing steps: S1 Before Network Operation Each edge node to be addedtransmits identity information ID_(Ai), to an edge proxy forregistration, a security administrator sets an error rate ER_(Ai) ofcomputing errors allowed to be caused by each edge node in an industrialproduction environment; the edge proxy marks evidence collected forwhich number of times with ε(ε=1, 2, . . . , CN_(τ)), and marks trustassociated information as a trust value computed in which round withτ(τ∈N), where τ=0 when an initial trust value is evaluated, τ≥1 when atrust value is updated; CN_(τ) represents a total number of times ofevidence collection required when the edge proxy computes a trust valuein a τ^(th) round, and t_(τ), represents time when the edge proxy startscomputing the trust value in the τ^(th) round; and after verifying anidentity of an edge node, the edge proxy starts evaluating an initialtrust value of the edge node; S11 Evidence Collection The edge proxystarts evaluating the initial trust value of the edge node at τ₀, theedge proxy randomly generates a to-be-computed data set Data_(B−0)^(c-ε)={a⁰⁻⁰ ^(ε), a¹⁻⁰ ^(ε), a²⁻⁰ ^(ε), . . . , a_(l−0) ^(ε)}, andgenerates a result set Data_(B−0) ^(r-ε)={b¹⁻⁰ ^(ε), b²⁻⁰ ^(ε), b₃₋₀^(ε), . . . , b_(l−0) ^(ε)} after adjacent data are pairwise computed asa reference set, wherein this solution specifies that the number oftimes of evidence collection CN₀ required for initial trust valueevaluation is 3; the edge proxy transmits a to-be-computed set to theedge node, the edge node computes and then transmits a computing resultset Data_(Ai 0) ^(r-249)={c₁ ₀ ^(ε), c₂ ₀ ^(ε), c₃ ₀ ^(ε), . . . ,c_(l 0) ^(ε)} and a computing result Hash value set Data_(Ai-0)^(h-ε)={h¹⁻⁰ ^(ε), h²⁻⁰ ^(ε), h₃₋₀ ^(ε), . . . , h_(l−0) ^(ε)} to theedge proxy; according to the computing result set Data_(Ai-0) ^(r-ε)from the edge node, the edge proxy computes a Hash value Data_(Ai-0)^(h′ ε)={h¹⁻⁰ ^(ε′), h²⁻⁰ ^(ε′), h₃₋₀ ^(ε′), . . . , h_(l−0) ^(ε′)}corresponding thereto; the edge proxy records time t_(B−0) ^(s-ε) whenthe to-be-collected set is transmitted for the ε time, time t_(B−0)^(r-ε) when computing is completed, and time t_(Ai-0) ^(r-ε) when acomputing result of an edge node Ai is received, where i represents anumber of nodes, i=1,2,K,n; S12 Evidence Processing The edge proxyprocesses collected data as follows: (1) accuracy represents aproportion of the number of correct computing results to the number oftotal data; an accuracy computing formula of evidence collection for theε^(th) time is as follows: $\begin{matrix}{E_{{Ai} - \tau}^{{ac} - c} = \frac{N_{{Ai} - \tau}^{{ac} - \varepsilon}}{l}} & (1)\end{matrix}$ where N_(Ai−τ) ^(ac−ε) represents identical number in aresult set Data=_(R-r) ^(r-c) computed by the edge proxy in evidencecollection for the ε^(th) time and a result set Data_(Ai τ) ^(αr ε)computed by the edge node Ai, ε represents evidence collected for theε^(th) time, τ represents trust computing in the τ^(th) round, and lrepresents a data amount in evidence collection each time; (2) integrityrepresents a proportion of the number of complete data to the number oftotal data; an integrity computing formula of evidence collection forthe ε^(th) time is as follows: $\begin{matrix}{E_{{Ai} - \tau}^{{cm} - \varepsilon} = \frac{N_{{Ai} - \tau}^{{cm} - e}}{l}} & (2)\end{matrix}$ where N_(Ai−τ) ^(cm−ε) represents identical number in aresult Hash value set Data_(Ai-c) ^(h′ ε) computed by the edge proxy inevidence collection for the ε^(th) time and a result Hash value setData_(Ai-r) ^(h-ε) computed by the edge node Ai, ε represents evidencecollected for the ε^(th) time, represents trust computing in the τ^(th)round, and l represents a data amount in evidence collection each time;(3) timeliness represents a difference between a computing efficiency ofthe edge node Ai and a computing efficiency of the edge proxy; atimeliness computing formula of evidence collection for the ε^(th) timeis as follows:E _(Ai−τ) ^(tm-ε) =T _(Ai−τ) ^(tm-ε) −T _(B-τ) ^(tm-ε)  (3) whereT_(Ai−τ) ^(tm-ε) represents a computing efficiency of the edge node inevidence collection for the ε^(th) time; T_(B-τ) ^(tm-ε) represents acomputing efficiency of the edge proxy in evidence collection for theε^(th) time, and τ represents trust computing in the τ^(th) round; whenthe edge proxy evaluates the initial trust value, the edge proxycomputes a computing efficiency$T_{{Ai} - 0}^{{tm} - \varepsilon} = \frac{t_{{Ai} - 0}^{r - \varepsilon} - t_{B - 0}^{s - \varepsilon}}{l}$of CN₀ edge nodes and a computing efficiency$T_{B - 0}^{{tm} - \varepsilon} = \frac{t_{B - 0}^{r - \varepsilon} - t_{B - 0}^{s - \varepsilon}}{l}$of me edge proxy according to the time t_(B−0) ^(s-ε) when theto-be-collected set is is transmitted for the ε^(th) time, the timet_(B−0) ^(r-ε) when computing of the to-be-computed set is completed,and the time t_(Ai 0) ^(r-ε) when a computing result of an edge node Aiis received, substitutes the results into formula (3), and computes toobtain timeliness of the CN₀ edge nodes Ai; when evaluating the initialtrust value, the edge proxy processes evidence collected for three timesby means of formula (1), formula (2) and formula (3), to obtain threevalues of each of accuracy, integrity and timeliness of the edge nodesAi to be added; S13 Initial Trust Evaluation 1) Computing Initial TrustValue a direct trust value is a quantization value that indicates anability of the edge node to complete a request task and is based on aninteractive record history between the edge proxy and the edge node;when the edge proxy computes the initial trust value of the edge node,the edge node is in a to-be-operated state; the edge proxy conductsfuzzy evaluation on direct trust factors of edge nodes to be operatedrespectively, steps of computing direct trust values are as follow: (a)determining a factor set E={E_(Ai−τ) ^(ac-ε), E_(Ai−τ) ^(cm-ε), E_(Ai−τ)^(tm-ε)}, and an evaluation set V=(V₁, V₂, V₃), where V₁ representsuntrustworthiness, V₂ represents uncertainty, and V₃ representstrustworthiness; it is stipulated that μ^(un) is an untrustworthymembership degree, and 0≤μ^(un)<β_(u); μ^(in) is an uncertain membershipdegree, and β_(u)≤μ^(in)<β_(c); μ^(cr) is a trustworthy membershipdegree, and β_(c)≤μ^(cr)≤1, where β_(u) is untrustworthy threshold andβ_(c) is trustworthy threshold; the edge proxy computes membershipdegrees of accuracy, integrity and timeliness, computing formulae are asfollows: {circle around (1)} computing formula of membership degree ofaccuracy in evidence collection for the ε^(th) time is as follows:$\mu_{1 - \tau}^{\varepsilon} = \{ \begin{matrix}{0,} & {E_{{Ai} - \tau}^{{ac} - \varepsilon} = 0} \\{\lbrack {1 + {10( {1 - E_{{Ai} - \tau}^{{ac} - \varepsilon}} )^{2}}} \rbrack^{- 1},} & {0 < E_{{Ai} - \tau}^{{ac} - \varepsilon} \leq 1}\end{matrix} $ {circle around (2)} computing formula ofmembership degree of integrity in evidence collection for the ε^(th)time is as follows:$\mu_{2 - \tau}^{\varepsilon} = \{ \begin{matrix}{0,} & {E_{{Ai} - \tau}^{{cm} - \varepsilon} = 0} \\{\lbrack {1 + {10( {1 - E_{{Ai} - \tau}^{{cm} - \varepsilon}} )^{2}}} \rbrack^{- 1},} & {0 < E_{{Ai} - \tau}^{{cm} - \varepsilon} \leq 1}\end{matrix} $ {circle around (3)} computing formula ofmembership degree of timeliness in evidence collection for the ε^(th)time is${\mu_{3 - \tau}^{e} = \lbrack {1 + {\gamma \times ( E_{{Ai} - \tau}^{{tm} - c} )^{2}}} \rbrack^{- 1}},{{{where}\gamma} = {\frac{\begin{matrix}{{CPU}{clock}{speed}{of}} \\{{edge}{proxy}}\end{matrix}}{\begin{matrix}{{CPU}{clock}{speed}{of}} \\{{edge}{node}}\end{matrix}}:}}$ (b) computing proportions of membership degreescorresponding to accuracy, integrity and timeliness in trust computingin the τ^(th) round belonging to V₁, V₂, V₃, which are {r_(11 τ),r_(12 τ), r_(13 τ)}, {r_(21 τ), r_(22 τ), r_(23 τ)} and {r_(31 τ),r_(32 τ), r_(33 τ)} respectively, for example,${r_{11 - \tau} = \frac{N( \mu_{1 - \tau}^{{un} - \varepsilon} )}{{CN}_{\tau}}},$where N(μ_(1−τ) ^(un−ε)) represents the number of accuracy membershipdegrees of CN_(τ) accuracy membership degrees within an untrustworthymembership degree range; the edge proxy obtains a judgment matrix${R_{\tau} = \begin{bmatrix}r_{11 - \tau} & r_{12 - \tau} & r_{13 - \tau} \\r_{21 - \tau} & r_{22 - \tau} & r_{23 - \tau} \\r_{31 - \tau} & r_{32 - \tau} & r_{33 - \tau}\end{bmatrix}};$ (c) computing weight corresponding to accuracy,integrity and timeliness using the entropy weight method, the computingsteps being as follows: {circle around (1)} forming a matrix by CN_(τ)membership degrees μ_(1−τ) ^(ε), μ_(2−τ) ^(ε), μ_(3−τ) ^(ε)corresponding to accuracy, integrity and timeliness: $\begin{bmatrix}\mu_{1 - \tau}^{1} & \cdots & \mu_{1 - \tau}^{\varepsilon} & \cdots & \mu_{1 - \tau}^{{CN}_{\tau}} \\\mu_{2 - \tau}^{1} & \cdots & \mu_{2 - \tau}^{\varepsilon} & \cdots & \mu_{2 - \tau}^{{CN}_{\tau}} \\\mu_{3 - \tau}^{1} & \cdots & \mu_{3 - \tau}^{\varepsilon} & \cdots & \mu_{3 - \tau}^{{CN}_{\tau}}\end{bmatrix};$ {circle around (2)} computing information entropycorresponding to accuracy, integrity and timeliness:${E_{j - \tau} = {{- ( {\ln{CN}_{\tau}} )^{- 1}}{\sum\limits_{s = 1}^{{CN}_{\tau}}{( p_{j - \tau}^{\varepsilon} ){\ln( p_{j - \tau}^{\varepsilon} )}}}}},{{{where}p_{j - \tau}^{\varepsilon}} = \frac{\mu_{j - \tau}^{\varepsilon}}{\sum\limits_{s = 1}^{{CN}_{\tau}}\mu_{j - \tau}^{\varepsilon}}},{( {{j = 1},2,3} );}${circle around (3)} computing weight corresponding to accuracy,integrity and timeliness:${\alpha_{j - \tau} = \frac{1 - E_{j - \tau}}{3 - {\sum_{j = 1}^{3}E_{j - \tau}}}},$in order to avoid the condition where the weight is zero when the degreeof dispersion of a certain factor is too small, weight rangescorresponding to accuracy, integrity and timeliness are a₁∈[0.5,0.8],a₂∈[0.01,0.2] and a₃∈[0.2,0.4] respectively, where a₁>a₃>a₂; when theweight obtained using the entropy weight method is not within thespecified range, the maximum or minimum value of the corresponding rangeis taken, actual weight is${\alpha_{j - \tau}^{\prime} = \frac{\alpha_{j - \tau}}{\alpha_{i - \tau}{❘\alpha_{2 - \tau}❘}\alpha_{3 - \tau}}},{{A_{\tau} = \{ {\alpha_{1 - \tau}^{\prime},\alpha_{2 - \tau}^{\prime},\alpha_{3 - \tau}^{\prime}} \}};}$(d) computing a judgment result Z_(Ai−τ)=A_(τ)*R_(τ)={z_(1−τ), z_(2−τ),z_(3−τ)} there being following three cases: {circle around (1)} whenz_(1−τ), is the maximum, the edge node Ai is untrustworthy, the edgeproxy does not compute an average membership degree of accuracy,integrity and timeliness; {circle around (2)} when z_(2−τ) is themaximum, the edge node Ai is uncertain in trust, the edge proxy computesmeans of membership degrees within a range [β_(u), β_(c)) correspondingto accuracy, integrity and timeliness, which are${\overset{\_}{\mu_{1 - \tau}} - \frac{\sum_{i = 1}^{{CN}_{\tau}}\mu_{1 - \tau}^{{in} - \varepsilon}}{N( \mu_{1 - \tau}^{{in} - \varepsilon} )}},{\overset{\_}{\mu_{2 - \tau}} - \frac{\sum_{i = 1}^{{CN}_{\tau}}\mu_{2 - \tau}^{{in} - \varepsilon}}{N( \mu_{2 - \tau}^{{in} - \varepsilon} )}},{\overset{\_}{\mu_{3 - \tau}} - \frac{\sum_{i = 1}^{{CN}_{\tau}}\mu_{3 - \tau}^{{in} - \varepsilon}}{N( \mu_{3 - \tau}^{{in} - \varepsilon} )}},$where a denominator represents the number of membership degrees of allfactors within the range [β_(u), β_(c)) and a numerator represents thesum of membership degrees of all factors within the range [β_(u),β_(c)); μ_(1−τ) ^(in−ε) is the membership degree of the accuracy of theτ^(th) evidence collection within the range [β_(u), β_(c)), μ_(2−τ)^(in−ε) is the membership degree of the integrity of the τ^(th) evidencecollection within the range [β_(u), β_(c)), μ_(3−τ) ^(in−ε) is themembership degree of the timeliness of the τ^(th) evidence collectionwithin the range [β_(u), β_(c)); {circle around (3)} when is themaximum, the edge node Ai is trustworthy, the edge proxy computes meansof membership degrees within a range [β_(c), 1] corresponding toaccuracy, integrity and timeliness, which are${\overset{\_}{\mu_{1 - \tau}} - \frac{\sum_{i = 1}^{{CN}_{\tau}}\mu_{1 - \tau}^{{cr} - \varepsilon}}{N( \mu_{1 - \tau}^{{cr} - \varepsilon} )}},{\overset{\_}{\mu_{2 - \tau}} - \frac{\sum_{i = 1}^{{CN}_{\tau}}\mu_{2 - \tau}^{{cr} - \varepsilon}}{N( \mu_{2 - \tau}^{{cr} - \varepsilon} )}},{\overset{\_}{\mu_{3 - \tau}} - \frac{\sum_{i = 1}^{{CN}_{\tau}}\mu_{3 - \tau}^{{cr} - \varepsilon}}{N( \mu_{3 - \tau}^{{cr} - \varepsilon} )}},$where a denominator represents the number of membership degrees of allfactors within the range [β_(c), 1] and a numerator represents the sumof membership degrees of all factors within the range [β_(c), 1];μ_(1−τ) ^(cr−ε) is the membership degree of the accuracy of the τ^(th)evidence collection within the range [β_(c), 1], μ_(2−τ) ^(cr−ε) is themembership degree of the integrity of the τ^(th) evidence collectionwithin the range [β_(c), 1], μ_(3−τ) ^(cr−ε) is the membership degree ofthe timeliness of the τ^(th) evidence collection within the range[β_(c), 1]; (e) the edge proxy computes a direct trust valueTrust_(Ai−τ) ^(cd) of the edge node Ai according to the averagemembership degree of accuracy, integrity and timeliness, and the weightthereof, the computing formula being as follows:Trust_(Ai−τ) ^(cd) =a′ _(1−τ) μ_(1−τ) +a′ _(2−τ) μ_(2−τ) +a′ _(3−τ)μ_(3−τ)   (4) since the edge nodes to be operated have no historicaltrust values and feedback scores, at this moment, the initial directtrust value is the final trust value, and the final trust value beforethe edge node Ai operates is Trust_(Ai−0) ^(cd)=Trust_(Ai−0) ^(cd); 2)Computing Trust Identifier edge node trust is divided into three levels,namely an untrustworthy level, an uncertain level and a trustworthylevel; a threshold of the untrustworthy level is β_(u), a threshold ofthe trustworthy level is β_(c), 0<β_(u)<β_(c)≤1 andβ_(c)=[110(ER_(Ai))²]⁻¹, β_(u)=β_(c)−0.2, where ER_(Ai) represents anerror rate of computing errors allowed to be caused by each edge node Aiin an industrial production environment occasionally due to mistake,0≤ER_(Ai)<30%, the greater the β_(u) and β_(c), the sensitive the systemto incorrect computing results; the security administrator sets an errorrate of errors allowed to be caused by each edge node in an industrialproduction environment, and the edge proxy computes corresponding β_(u)and β_(c) according to the error rate; the edge proxy computes a trustidentifier of an edge node Ai to be operated according to a judgmentresult, the rules are as follows: (a) for an edge node of which thetrust value level is a trustworthy level, in order to prevent amalicious node from cheating trust, the edge proxy replaces a trustvalue of the edge node with a trustworthy level with$\frac{\beta_{u} + \beta_{c}}{2},$ that is, degrades the edge node witha trustworthy level to an edge node with an uncertain level; (b) for anedge node of which the trust value level is an uncertain level, the edgeproxy allocates a trust identifier TI_(Ai−0)=1 of an initial trust valueto the edge node, computes valid time T_(Ai−0) ^(v) of the initial trustidentifier according to formula (5), and stores initial trust associatedinformation locally; a computing formula of the valid time T_(Ai−0) ^(v)of the trust identifier of the initial trust value is as follows:T _(Ai−0) ^(τ)=5l×CN ₀× T _(Ai−0) ×l+5ΔT  (5) where i represents anumber of on-line edge nodes, CN₀ represents a number of times ofevidence collection in initial trust evaluation, T_(Ai 0) represents anaverage computing efficiency$\overset{\_}{T_{{A\iota} - 0}} = \frac{\sum_{s = 1}^{{CN}_{0}}T_{{Ai} - 0}^{{tm} - \varepsilon}}{{CN}_{0}}$of edge nodes Ai, l represents a data amount of evidence collection eachtime, ΔT represents a time interval between trust updates, and the validtime is in second; if a trust identifier of an edge node is expired, theedge proxy lists the edge node in a blacklist; (c) for an edge node ofwhich the trust level is an untrustworthy level, that is, an edge nodeof which the z_(1 τ) is the maximum, to avoid evaluation errors, theedge proxy repeats the above-mentioned steps of evidence collection,evidence processing and trust evaluation to evaluate the initial trustvalue thereof twice, if the trust value is still untrustworthy afterbeing evaluated twice, reports to the security administrator to replacethe edge node, and computes an initial trust value of the replaced edgenode to be added; initial trust associated data of the edge node Aiincludes initial trust value evaluation start time t₀, a node identityidentifier ID_(Ai), an accuracy membership degree mean μ¹⁻⁰ , anintegrity membership degree mean μ²⁻⁰ , a timeliness membership degreemean μ³⁻⁰ , an initial trust value Trust_(Ai−0) ^(u), a trust identifierTI_(Ai−0) and valid time T_(Ai−0) ^(v); the edge proxy transmits thetrust identifier to a site device, the site device checks the trustidentifier of the edge node to be operated and then transmits data to anedge node with a trust identifier greater than 0, and then the edge nodeis in an operating state; S2 After Network Operation S21 EvidenceCollection after a network operates for ΔT time, the edge proxyinitiates an update trust request to the site device, the edge proxystarts to collect the collected data of the site device, a computingresult of the edge node and a Hash value thereof, and a feedback scorefrom the site device, records response time and a historical directtrust value of the edge node; after the edge proxy initiates the trustupdate request, the edge proxy conducts each evidence collection infollowing two cases: case 1: the edge node directly returns thecomputing result to the site device, and the site device transmits thecomputing result of the edge node and the Hash value thereof to the edgeproxy; case 2: after preliminary computing, the edge node transmits thecomputing result and the Hash value thereof to the edge proxy, the edgeproxy collects evidence and uploads the computing result of the edgenode, trust identifier and signature to an industrial cloud, theindustrial cloud checks the trust identifier of the edge node andverifies the signature and then further processes a preliminarycomputing result of the edge node, the industrial cloud transmits thecomputing result and the signature to the edge proxy, the edge proxyverifies the signature and then transmits the computing result to thesite device; the edge proxy collects evidence data in the above twocases, and collects l evidence data as one evidence collection; eachround of trust update requires evidence collection for CN_(τ) times, andthe edge node is in an operating state at this moment; the edge proxyrecords the number of times of evidence collection with ε(ε=1, 2, . . ., CN_(τ)); during the τ^(th) round of trust update, the edge proxycollects evidence for CN_(τ) times and then conducts evidence processingand trust update operations; a time interval between every two rounds oftrust updates is ΔT; a computing formula of the number of times ofevidence collection CN_(τ) required for the τ^(th) round of trust updateis specified as follows:CN _(τ)=┌6×arctan[0.5×TI _(Ai−(τ−1))]┐  (6) the edge proxy computes thenumber of times of evidence collection CN_(τ) required for the τ^(th)round of trust update according to the trust identifier of the(τ−1)^(th) time; the edge proxy rapidly updates the trust value of theedge node when the trust identifier is small and the number of times ofevidence collection is less; at the initial stage of network operation,the number of times of evidence collection increases with the increaseof the number of trustworthy times, in order to update the trust valuein time and reduce trust computing amount, the number of times ofevidence collection cannot be infinitely increased, and the maximumvalue of the number of times of evidence collection${{{CN}_{\tau}{is}\lceil {6 \times \frac{\pi}{2}} \rceil} = 10};$ 1)Direct Trust Factor Collection the site device transmits the collecteddata a_(0−τ) ^(ε) to the edge proxy and the edge node Ai simultaneity,the site device transmits a piece of data every Δt, and the edge proxyand the edge node Ai start processing after receiving the secondcollected data; the edge proxy processes a computing result of the datacollected in two consecutive times as b_(ϑ−τ) ^(ε), the edge node Aiprocesses a computing result of the data collected in two consecutivetimes as c_(ϑ−τ) ^(ε), ϑ represents a serial number of evidencecollected in each evidence collection, (ϑ=1, 2, . . . , l); during eachevidence collection, the site device needs to transmit (l+1) data, andthe data transmitted by the site device form a set Data_(D−τ)^(c−ε)={a_(0−τ) ^(ε), a_(1−τ) ^(ε), a_(2−τ) ^(ε), . . . , a_(l−τ) ^(ε)};at t_(τ), the edge proxy starts the τ^(th) round of trust update, theedge proxy collects evidence for CN_(τ) times in total, l data evidencecollected for the ε^(th) time including a computing result Data_(B−τ)^(r−ε)={b_(1−τ) ^(ε), b_(2−τ) ^(ε), b_(3−τ) ^(ε), . . . , b_(l−τ) ^(ε)}of the edge proxy, a computing result Data_(Ai−τ) ^(r−ε)={c_(1−τ) ^(ε),c_(2−τ) ^(ε), c_(3−τ) ^(ε), . . . , c_(l−τ) ^(ε)} of the edge node Aiand a Hash value Data_(Ai−τ) ^(h−ε)={h_(1−τ) ^(ε), h_(2−τ) ^(ε), h_(3−τ)^(ε), . . . , h_(l−τ) ^(ε)} thereof, and a corresponding Hash valueData_(Ai−τ) ^(h′−ε)={h_(1−τ) ^(ε′), h_(1−τ) ^(ε′), h_(2−τ) ^(ε′), . . ., h_(l−τ) ^(ε′)} computed by the edge proxy according to the computingresult set Data_(Ai−τ) ^(r−ε) of the edge node Ai; the edge proxyrecords time t_(D−τ) ^(s−ε) of transmitting the first data by the sitedevice when collecting evidence for the ε^(th) time, time t_(B−τ) ^(r−ε)of computing the l^(th) result by the edge proxy, and time t_(Ai−τ)^(r−ε) of computing the l^(th) result by the edge node Ai; 2) HistoricalDirect Trust Value Collection because trust dynamically changes withtime, in order to avoid malicious acts, the edge proxy uses a historicaldirect trust value to correct a direct trust value, and the edge proxyuses a sliding window to store the historical direct trust value so asto reduce the influence of the old direct trust value on the new directtrust value; each edge node has a sliding storage window, the larger thewindow, the more the storage and computing overhead, so a short andsmall sliding storage window can limit the amount of trust computing andimprove the efficiency of trust evaluation; the sliding storage windowincludes u panes, each pane retains a historical direct trust value,that is, a direct trust value before the τ^(th) round of trust update isstored in the sliding storage window; a direct trust value stored in thek pane is Trust_(Ai−(τ−u+k−1)) ^(cd); only when each pane has a directtrust value, the window begins to move, and moves one pane every time; anew direct trust value is added into the window after the trust isupdated, while an expired direct trust value is extruded out of thewindow; during the τ^(th) round of trust update, direct trust valuesfrom the (τ−u)^(th) round of trust update to the (τ−1)^(th) round oftrust update are stored in the window, and a direct trust value of theτ^(th) round is stored in the sliding storage window after the τ^(th)round of trust update; when a trust identifier of the edge node Ai isequal to 0, the edge node is regarded as a malicious node, and the edgeproxy deletes a sliding storage window thereof; 3) Feedback ScoreCollection the edge proxy updates a final trust value of an edge node inan operating state and also needs to take into account a feedback scoregiven to a computing result of the edge node by the site device; a ruleof giving scores to edge nodes by the site device is as follows: if asafety accident occurs, the site device feeds back d_(ϑ−τ) ^(ε)=−1regardless whether a trust update is being conducted, and the edge proxylists an edge node corresponding to the feedback score in a blacklist;otherwise, the site device feeds back scores given to computing results:bad review d_(ϑ−τ) ^(ε)=0 and good review d_(ϑ−τ) ^(ε=)1; the sitedevice feeds back the scores given to the computing results to the edgeproxy, during the τ^(th) round of trust update, the edge proxy collectsfor CN_(τ) times and collects l feedback scores each time, and afeedback score collected by the edge proxy for the ε^(th) time isData_(Ai−τ) ^(f−ε)={d_(1−τ) ^(ε), d_(2−τ) ^(ε), . . . , d_(ϑ−τ) ^(ε), .. . , d_(l−τ) ^(ε)} including scores given, by the site device, tocomputing results directly returned by v edge nodes to the site deviceand scores given, by the site device, to computing results transmittedby (l−v) edge nodes to the industrial cloud for processing and thenreturned to the site device; a proxy signature based on elliptic curveis used to make the communication between the edge nodes and theindustrial cloud trustworthy, no matter the computing results receivedby the site device come from the edge nodes or the industrial cloud, theobjects to which the site device feeds back scores are edge nodes; S22Evidence Processing 1) Direct Trust Factor Processing after collectingevidence for CN_(τ) times, the edge proxy respectively computesaccuracy, integrity and timeliness of an edge node Ai during eachevidence collection in the τ^(th) round of trust update; (a) the edgeproxy computes accuracy of the edge node Ai according to formula (1);(b) the edge proxy computes integrity of the edge node Ai according toformula (2); (c) according to the time t_(D−τ) ^(s−ε) of transmittingthe first data by the site device when collecting evidence for theε^(th) time, the time t_(B−τ) ^(r−ε) of computing the l^(th) result bythe edge proxy, and the time t_(Ai−τ) ^(r−ε) of computing the l^(th)result by the edge node Ai, the edge proxy computes a computingefficiency$T_{{Ai} - \tau}^{{im} - \varepsilon} = \frac{t_{{Ai} - \tau}^{t - \varepsilon} - t_{D - \tau}^{\varepsilon - \varepsilon}}{l}$of the edge node and a computing efficiency$T_{B - \tau}^{{im} - \varepsilon} = \frac{t_{B - \tau}^{\tau - \varepsilon} - t_{D - \tau}^{s - \varepsilon}}{l}$of the edge proxy, substitutes T_(Ai−τ) ^(tm−ε), T_(B−τ) ^(tm−ε) intoformula (3), and compute timeliness of the edge node Ai; when conductingthe τ^(th) round of trust update, the edge proxy processes the collecteddirect trust factors by means of formula (1), formula (2) and formula(3), to obtain CN_(τ) values of each of accuracy, integrity andtimeliness of an edge node Ai to be examined; 2) Historical Trust ValueProcessing for weight factors of historical direct trust values atdifferent time, there is a need to take into account a time factor, thatis, the longer the time of the trust value, the lower the proportion; aweight of the k^(th) pane of the sliding storage window is:φ_(k) =e ^(−ρ(u−k))  (7) where ρ represents an attenuation coefficientwhich is 0.3; if the sliding storage window is not fully stored, u isthe number of actual historical direct trust values; according to thehistorical direct trust value and weight thereof in the sliding storagewindow, the edge proxy computes a weighted average historical trustvalue Trust_(Ai−τ) ^(hd) of the edge node Ai in the τ^(th) round oftrust update: $\begin{matrix}{{Trust}_{{Ai} - \tau}^{hd} = \frac{\sum_{k = 1}^{u}{\varphi_{k} \times {Trust}_{{Ai} - {({\tau - u + k - 1})}}^{cd}}}{\sum_{k = 1}^{n}\varphi_{k}}} & (8)\end{matrix}$ 3) Feedback Score Processing for an edge node with afeedback score of −1, the security administrator replaces the edge nodewith an edge node to be added, and the edge proxy repeats an initialtrust value computing step, to evaluate an initial trust value of theedge node to be added; according to the feedback score, the edge proxycomputes reward and penalty factors of the edge node Ai in the τ^(th)round of trust update; and according to a difference ΔN_(Ai−τ)^(ε)−N_(Ai−τ) ^(g−ε)−└l×(1−ER_(Ai))┘ between the total number of timesof good review N_(Ai−τ) ^(g−ε) during evidence collection for the ε^(th)time and the minimum required number of correct computing results, theedge proxy computes a reward factor E_(Ai−τ) ^(g−ε) and a penalty factorE_(Ai−τ) ^(b−ε) corresponding to the evidence collection for the ε^(th)time, where N_(Ai−τ) ^(g−ε)=Σ_(ϑ−1) ^(l)d_(ϑ−τ) ^(ε), ER_(Ai) is theerror rate that the edge node is allowed to calculate in an industrialproduction environment; if ΔN_(Ai−τ) ^(ε)≥0, the reward factor andpenalty factor corresponding to the evidence collection for the ε^(th)time are E_(Ai−τ) ^(g−ε)=0.3[(1|e^(−ΔN) ^(Ai−τ) ^(ε) )⁻¹0.5] andE_(Ai−τ) ^(b−ε)−0 respectively; otherwise, the reward factor and penaltyfactor corresponding to the evidence collection for the ε^(th) time areE_(Ai−τ) ^(g−ε)=0 and E_(Ai−τ) ^(b−ε)=0.4[(1|e^(−ΔN) ^(Ai−τ) ^(ε))⁻¹0.5] Old respectively; the reward degree is small and the penaltydegree is large, which reflects the characteristic that the trust valueis slowly increased and quickly decreased; the edge proxy computes afinal reward or penalty factor E_(Ai−τ) ^(f) according to the reward andpenalty factors in the ε^(th) round of trust update: $\begin{matrix}{E_{{Ai} - \tau}^{f} = \{ \begin{matrix}{0,} & {{\exists d_{\vartheta - t}^{\varepsilon}} = {- 1}} \\{\frac{\sum_{\varepsilon = 1}^{{CN}_{\tau}}\lbrack {E_{{Ai} - \tau}^{g - \varepsilon} + E_{{Ai} - \tau}^{b - \varepsilon}} }{{CN}_{\tau}},} & {\forall{d_{\theta - i}^{\varepsilon} \neq {- 1}}}\end{matrix} } & (9)\end{matrix}$ good feedback from the field device increases the trustvalue of the edge node Ai and bad feedback rapidly decreases the trustvalue of the edge node Ai; if there is safety accident feedback from thesite device, E_(Ai τ) ^(f) appears as a penalty factor, E_(Ai τ) ^(f)=0;if there is no safety accident feedback, E_(Ai−τ) ^(f)>0 representsreward E_(Ai−τ) ^(f)<0 represents penalty, and E_(Ai−τ) ^(f)=0represents neither reward nor penalty; S23 Trust Update according to thedirect trust value, historical trust value and feedback scores, the edgeproxy updates the trust value of the edge node, the edge node is in ato-be-examined state at this moment; a time interval between every tworounds of trust updates is ΔT; 1) Computing Direct Trust Value the edgeproxy repeats the step of computing a direct trust value when evaluatinginitial trust, and computes a direct trust value Trust_(Ai−τ) ^(cd) ofthe edge node Ai to be examined of which the judgment result istrustworthy or uncertain in the τ^(th) round of trust update by means offormula (4); for an edge node to be examined of which the judgmentresult is untrustworthy, the edge proxy directly lists the edge node ina blacklist; 2) Correcting Direct Trust Value before computing the finaltrust value, the edge proxy needs to correct the direct trust value byusing the weighted average historical direct trust value; the edge proxyweights and aggregates Trust_(Ai−τ) ^(cd) and Trust_(Ai−τ) ^(hd) of theedge node Ai to obtain a corrected direct trust value Trust_(Ai−τ) ^(d)of the edge node Ai in the τ^(th) round of trust update:Trust_(Ai−τ) ^(d)=δ=Trust_(Ai−τ) ^(cd)+(1−δ)×Trust_(Ai−τ) ^(hd)  (10)where δ is used to balance proportions of current trust and historicaltrust, and δ is defined as follows: $\begin{matrix}{\delta = \{ \begin{matrix}{\delta_{1},} & {{Trust}_{{Ai} - \tau}^{cd} \geq {Trust}_{{Ai} - \tau}^{hd}} \\{\delta_{2},} & {{Trust}_{{Ai} - \tau}^{cd} < {Trust}_{{Ai} - \tau}^{hd}}\end{matrix} } & (11)\end{matrix}$ where 0≤δ₁<δ₂<1, it is specified that δ1=0.3, δ₂=0.7, thevalue of δ₁ is small, to prevent the edge node from accumulating trustthereof quickly, and the value of δ₂ is large, which reflects a penaltyfor a malicious act of the edge node; 3) Updating Final Trust Valueaccording to the reward or penalty factor computed in formula (9), theedge proxy computes a final trust value of the edge node to be examined;a computing formula of the final trust value Trust_(Ai−τ) ^(u) of theedge node Ai in the τ^(th) round of trust update is as follows:$\begin{matrix}{{Trust}_{{Ai} - \tau}^{u} = \{ \begin{matrix}{{E_{{Ai} - \tau}^{f} \times {Trust}_{{Ai} - \tau}^{d}},} & {{\exists d_{\vartheta - \tau}^{\varepsilon}} = {- 1}} \\{{E_{{Ai} - \tau}^{f} + {Trust}_{{Ai} - \tau}^{d}},} & {\forall{d_{\theta - i}^{\varepsilon} \neq {- 1}}}\end{matrix} } & (12)\end{matrix}$ if a certain feedback score is −1, the final trust valueof the edge node Ai in the τ^(th) round of trust update is equal to 0;otherwise, the final trust value of the edge node Ai in the τ^(th) roundof trust update is equal to a corrected direct trust value of the edgenode Ai plus a reward or penalty factor; 4) Computing Trust Identifierafter trust update, the edge proxy compares the final trust value of theedge node to be examined with a trust threshold (trust critical value)in Table 2-trust level table, and then computes a trust identifier ofthe edge node Ai according to the judgment result and the final trustvalue, rules are as follows: (a) for an edge node of which the trustvalue level is a trustworthy level, the edge proxy computes a trustidentifier TI_(Ai−τ) thereof according to formula (13), computes validtime T_(Ai−τ) ^(v) of the trust identifier according to formula (14),and then stores trust associated information thereof locally accordingto a data structure in Table 6; a specific computing formula of thetrust identifier of the edge node Ai in the τ^(th) round of trust updateis as follows: $\begin{matrix}{{TI}_{{Ai} - \tau} = \{ \begin{matrix}{0,} & {{Trust}_{{Ai} - \tau}^{d} < \beta_{u}} \\{{TI}_{{Ai} - {({\tau - 1})}},} & {\beta_{u} \leq {Trust}_{{Ai} - \tau}^{d} < \beta_{c}} \\{{{TI}_{{Ai} - {({\tau - 1})}} + 1},} & {{Trust}_{{Ai} - \tau}^{d} \geq \beta_{c}}\end{matrix} } & (13)\end{matrix}$ a computing formula of the valid time T_(Ai−τ) ^(v) of thetrust identifier of the trust value is as follows:T _(Ai−τ) ^(v)−6×CN _(τ) ×l×( T _(Ai−τ) +Δt)+TI _(Ai−τ) ×ΔT  (14) whereCN_(τ) represents a number of times of evidence collection required inthe τ^(th) round of trust update, l represents a data amount of evidencecollection each time, T_(Ai τ) represents an average computingefficiency$\overset{\_}{T_{{A\iota} - \tau}} = \frac{\sum_{\varepsilon = 1}^{{CN}_{\tau}}T_{{Ai} - \tau}^{{tm} - \varepsilon}}{{CN}_{\tau}}$of edge nodes Ai, Δt represents a time interval at which the site devicetransmits data, ΔT represents a time interval between trust updates, andthe valid time is in second; if a trust identifier of an edge node isexpired, the edge proxy lists the edge node in a blacklist; (b) for anedge node of which the trust level is an uncertain level, a trustidentifier thereof is unchanged; the edge proxy checks the trustidentifier thereof, and if the number of times of continuous equality ofthe trust identifier is less than 3, the edge proxy allows the edge nodeto operate; otherwise, the edge proxy lists the edge node in ablacklist, and then the edge node is in an isolation state; (c) for anedge node of which the trust level is an untrustworthy level, the edgeproxy lists the edge node in a blacklist directly, and then the edgenode is in an isolation state; the edge proxy broadcasts identityinformation about the edge node in the blacklist and a trust identifier0 thereof, and reports to the security administrator to replace the edgenode; after the security administrator replaces the isolated edge nodewith an edge node to be added, the edge proxy repeats an initial trustvalue computing step, to separately evaluate an initial trust value ofthe edge node to be added; trust associated data of the edge node Aiincludes start time t_(τ) of the τ^(th) round of trust update, a nodeidentity identifier ID_(Ai), an average accuracy membership degreeμ_(1−τ) , an integrity membership degree mean μ_(2−τ) , a timelinessmembership degree mean μ_(3−τ) , a corrected direct trust valueTrust_(Ai−τ) ^(d), a reward or penalty factor E_(Ai−τ) ^(f), a finaltrust value Trust_(Ai−τ) ^(u), a trust identifier TI_(Ai−τ) and validtime T_(Ai−τ); the edge proxy transmits the trust identifier to the sitedevice, the site device decides whether to transmit data according tothe trust identifier of the edge node, and transmits data to an edgenode with a trust identifier greater than 0 rather than to an edge nodewith a trust identifier equal to 0; after ΔT time, the edge proxyrepeatedly executes the steps of evidence collection, evidenceprocessing and trust update, and so on.